Standards
data class StandardsControlAssociationArgs(val associationStatus: Output<String>? = null, val securityControlId: Output<String>? = null, val standardsArn: Output<String>? = null, val updatedReason: Output<String>? = null) : ConvertibleToJava<StandardsControlAssociationArgs>
Example Usage
Basic usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.securityhub.Account("example", {});
const cisAwsFoundationsBenchmark = new aws.securityhub.StandardsSubscription("cis_aws_foundations_benchmark", {standardsArn: "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0"}, {
dependsOn: [example],
});
const cisAwsFoundationsBenchmarkDisableIam1 = new aws.securityhub.StandardsControlAssociation("cis_aws_foundations_benchmark_disable_iam_1", {
standardsArn: cisAwsFoundationsBenchmark.standardsArn,
securityControlId: "IAM.1",
associationStatus: "DISABLED",
updatedReason: "Not needed",
});Content copied to clipboard
import pulumi
import pulumi_aws as aws
example = aws.securityhub.Account("example")
cis_aws_foundations_benchmark = aws.securityhub.StandardsSubscription("cis_aws_foundations_benchmark", standards_arn="arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0",
opts = pulumi.ResourceOptions(depends_on=[example]))
cis_aws_foundations_benchmark_disable_iam1 = aws.securityhub.StandardsControlAssociation("cis_aws_foundations_benchmark_disable_iam_1",
standards_arn=cis_aws_foundations_benchmark.standards_arn,
security_control_id="IAM.1",
association_status="DISABLED",
updated_reason="Not needed")Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.SecurityHub.Account("example");
var cisAwsFoundationsBenchmark = new Aws.SecurityHub.StandardsSubscription("cis_aws_foundations_benchmark", new()
{
StandardsArn = "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0",
}, new CustomResourceOptions
{
DependsOn =
{
example,
},
});
var cisAwsFoundationsBenchmarkDisableIam1 = new Aws.SecurityHub.StandardsControlAssociation("cis_aws_foundations_benchmark_disable_iam_1", new()
{
StandardsArn = cisAwsFoundationsBenchmark.StandardsArn,
SecurityControlId = "IAM.1",
AssociationStatus = "DISABLED",
UpdatedReason = "Not needed",
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/securityhub"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := securityhub.NewAccount(ctx, "example", nil)
if err != nil {
return err
}
cisAwsFoundationsBenchmark, err := securityhub.NewStandardsSubscription(ctx, "cis_aws_foundations_benchmark", &securityhub.StandardsSubscriptionArgs{
StandardsArn: pulumi.String("arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0"),
}, pulumi.DependsOn([]pulumi.Resource{
example,
}))
if err != nil {
return err
}
_, err = securityhub.NewStandardsControlAssociation(ctx, "cis_aws_foundations_benchmark_disable_iam_1", &securityhub.StandardsControlAssociationArgs{
StandardsArn: cisAwsFoundationsBenchmark.StandardsArn,
SecurityControlId: pulumi.String("IAM.1"),
AssociationStatus: pulumi.String("DISABLED"),
UpdatedReason: pulumi.String("Not needed"),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.securityhub.Account;
import com.pulumi.aws.securityhub.StandardsSubscription;
import com.pulumi.aws.securityhub.StandardsSubscriptionArgs;
import com.pulumi.aws.securityhub.StandardsControlAssociation;
import com.pulumi.aws.securityhub.StandardsControlAssociationArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Account("example");
var cisAwsFoundationsBenchmark = new StandardsSubscription("cisAwsFoundationsBenchmark", StandardsSubscriptionArgs.builder()
.standardsArn("arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0")
.build(), CustomResourceOptions.builder()
.dependsOn(example)
.build());
var cisAwsFoundationsBenchmarkDisableIam1 = new StandardsControlAssociation("cisAwsFoundationsBenchmarkDisableIam1", StandardsControlAssociationArgs.builder()
.standardsArn(cisAwsFoundationsBenchmark.standardsArn())
.securityControlId("IAM.1")
.associationStatus("DISABLED")
.updatedReason("Not needed")
.build());
}
}Content copied to clipboard
resources:
example:
type: aws:securityhub:Account
cisAwsFoundationsBenchmark:
type: aws:securityhub:StandardsSubscription
name: cis_aws_foundations_benchmark
properties:
standardsArn: arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0
options:
dependsOn:
- ${example}
cisAwsFoundationsBenchmarkDisableIam1:
type: aws:securityhub:StandardsControlAssociation
name: cis_aws_foundations_benchmark_disable_iam_1
properties:
standardsArn: ${cisAwsFoundationsBenchmark.standardsArn}
securityControlId: IAM.1
associationStatus: DISABLED
updatedReason: Not neededContent copied to clipboard
Properties
Link copied to clipboard
The desired enablement status of the control in the standard. Valid values: ENABLED, DISABLED.
Link copied to clipboard
The unique identifier for the security control whose enablement status you want to update.
Link copied to clipboard
The Amazon Resource Name (ARN) of the standard in which you want to update the control's enablement status. The following arguments are optional:
Link copied to clipboard
The reason for updating the control's enablement status in the standard. Required when association_status is DISABLED.