pulumi-aws-kotlin/com.pulumi.aws.securityhub.kotlin/StandardsControl

StandardsControl

class StandardsControl : KotlinCustomResource

Disable/enable Security Hub standards control in the current region. The aws.securityhub.StandardsControl behaves differently from normal resources, in that Pulumi does not create this resource, but instead "adopts" it into management. When you delete this resource configuration, Pulumi "abandons" resource as is and just removes it from the state.

Example Usage

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.securityhub.Account;
import com.pulumi.aws.securityhub.StandardsSubscription;
import com.pulumi.aws.securityhub.StandardsSubscriptionArgs;
import com.pulumi.aws.securityhub.StandardsControl;
import com.pulumi.aws.securityhub.StandardsControlArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var example = new Account("example");
        var cisAwsFoundationsBenchmark = new StandardsSubscription("cisAwsFoundationsBenchmark", StandardsSubscriptionArgs.builder()
            .standardsArn("arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0")
            .build(), CustomResourceOptions.builder()
                .dependsOn(example)
                .build());
        var ensureIamPasswordPolicyPreventsPasswordReuse = new StandardsControl("ensureIamPasswordPolicyPreventsPasswordReuse", StandardsControlArgs.builder()
            .standardsControlArn("arn:aws:securityhub:us-east-1:111111111111:control/cis-aws-foundations-benchmark/v/1.2.0/1.10")
            .controlStatus("DISABLED")
            .disabledReason("We handle password policies within Okta")
            .build(), CustomResourceOptions.builder()
                .dependsOn(cisAwsFoundationsBenchmark)
                .build());
    }
}

Properties

controlId

val controlId: Output<String>

The identifier of the security standard control.

controlStatus

val controlStatus: Output<String>

The control status could be ENABLED or DISABLED. You have to specify disabled_reason argument for DISABLED control status.

controlStatusUpdatedAt

val controlStatusUpdatedAt: Output<String>

The date and time that the status of the security standard control was most recently updated.

description

val description: Output<String>

The standard control longer description. Provides information about what the control is checking for.

disabledReason

val disabledReason: Output<String>

A description of the reason why you are disabling a security standard control. If you specify this attribute, control_status will be set to DISABLED automatically.

val id: Output<String>

pulumiChildResources

val pulumiChildResources: Set<KotlinResource>

pulumiResourceName

val pulumiResourceName: String

pulumiResourceType

val pulumiResourceType: String

relatedRequirements

val relatedRequirements: Output<List<String>>

The list of requirements that are related to this control.

remediationUrl

val remediationUrl: Output<String>

A link to remediation information for the control in the Security Hub user documentation.

severityRating

val severityRating: Output<String>

The severity of findings generated from this security standard control.

standardsControlArn

val standardsControlArn: Output<String>

The standards control ARN. See the AWS documentation for how to list existing controls using get-enabled-standards and describe-standards-controls.

title

val title: Output<String>

The standard control title.

urn

val urn: Output<String>