pulumi-aws-kotlin/com.pulumi.aws.securityhub.kotlin/StandardsControl

StandardsControl

class StandardsControl : KotlinCustomResource

Disable/enable Security Hub standards control in the current region. The aws.securityhub.StandardsControl behaves differently from normal resources, in that Pulumi does not create this resource, but instead "adopts" it into management. When you delete this resource configuration, Pulumi "abandons" resource as is and just removes it from the state.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.securityhub.Account("example", {});
const cisAwsFoundationsBenchmark = new aws.securityhub.StandardsSubscription("cis_aws_foundations_benchmark", {standardsArn: "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0"}, {
    dependsOn: [example],
});
const ensureIamPasswordPolicyPreventsPasswordReuse = new aws.securityhub.StandardsControl("ensure_iam_password_policy_prevents_password_reuse", {
    standardsControlArn: "arn:aws:securityhub:us-east-1:111111111111:control/cis-aws-foundations-benchmark/v/1.2.0/1.10",
    controlStatus: "DISABLED",
    disabledReason: "We handle password policies within Okta",
}, {
    dependsOn: [cisAwsFoundationsBenchmark],
});

import pulumi
import pulumi_aws as aws
example = aws.securityhub.Account("example")
cis_aws_foundations_benchmark = aws.securityhub.StandardsSubscription("cis_aws_foundations_benchmark", standards_arn="arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0",
opts = pulumi.ResourceOptions(depends_on=[example]))
ensure_iam_password_policy_prevents_password_reuse = aws.securityhub.StandardsControl("ensure_iam_password_policy_prevents_password_reuse",
    standards_control_arn="arn:aws:securityhub:us-east-1:111111111111:control/cis-aws-foundations-benchmark/v/1.2.0/1.10",
    control_status="DISABLED",
    disabled_reason="We handle password policies within Okta",
    opts = pulumi.ResourceOptions(depends_on=[cis_aws_foundations_benchmark]))

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
    var example = new Aws.SecurityHub.Account("example");
    var cisAwsFoundationsBenchmark = new Aws.SecurityHub.StandardsSubscription("cis_aws_foundations_benchmark", new()
    {
        StandardsArn = "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0",
    }, new CustomResourceOptions
    {
        DependsOn =
        {
            example,
        },
    });
    var ensureIamPasswordPolicyPreventsPasswordReuse = new Aws.SecurityHub.StandardsControl("ensure_iam_password_policy_prevents_password_reuse", new()
    {
        StandardsControlArn = "arn:aws:securityhub:us-east-1:111111111111:control/cis-aws-foundations-benchmark/v/1.2.0/1.10",
        ControlStatus = "DISABLED",
        DisabledReason = "We handle password policies within Okta",
    }, new CustomResourceOptions
    {
        DependsOn =
        {
            cisAwsFoundationsBenchmark,
        },
    });
});

package main
import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/securityhub"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := securityhub.NewAccount(ctx, "example", nil)
		if err != nil {
			return err
		}
		cisAwsFoundationsBenchmark, err := securityhub.NewStandardsSubscription(ctx, "cis_aws_foundations_benchmark", &securityhub.StandardsSubscriptionArgs{
			StandardsArn: pulumi.String("arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0"),
		}, pulumi.DependsOn([]pulumi.Resource{
			example,
		}))
		if err != nil {
			return err
		}
		_, err = securityhub.NewStandardsControl(ctx, "ensure_iam_password_policy_prevents_password_reuse", &securityhub.StandardsControlArgs{
			StandardsControlArn: pulumi.String("arn:aws:securityhub:us-east-1:111111111111:control/cis-aws-foundations-benchmark/v/1.2.0/1.10"),
			ControlStatus:       pulumi.String("DISABLED"),
			DisabledReason:      pulumi.String("We handle password policies within Okta"),
		}, pulumi.DependsOn([]pulumi.Resource{
			cisAwsFoundationsBenchmark,
		}))
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.securityhub.Account;
import com.pulumi.aws.securityhub.StandardsSubscription;
import com.pulumi.aws.securityhub.StandardsSubscriptionArgs;
import com.pulumi.aws.securityhub.StandardsControl;
import com.pulumi.aws.securityhub.StandardsControlArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var example = new Account("example");
        var cisAwsFoundationsBenchmark = new StandardsSubscription("cisAwsFoundationsBenchmark", StandardsSubscriptionArgs.builder()
            .standardsArn("arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0")
            .build(), CustomResourceOptions.builder()
                .dependsOn(example)
                .build());
        var ensureIamPasswordPolicyPreventsPasswordReuse = new StandardsControl("ensureIamPasswordPolicyPreventsPasswordReuse", StandardsControlArgs.builder()
            .standardsControlArn("arn:aws:securityhub:us-east-1:111111111111:control/cis-aws-foundations-benchmark/v/1.2.0/1.10")
            .controlStatus("DISABLED")
            .disabledReason("We handle password policies within Okta")
            .build(), CustomResourceOptions.builder()
                .dependsOn(cisAwsFoundationsBenchmark)
                .build());
    }
}

resources:
  example:
    type: aws:securityhub:Account
  cisAwsFoundationsBenchmark:
    type: aws:securityhub:StandardsSubscription
    name: cis_aws_foundations_benchmark
    properties:
      standardsArn: arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0
    options:
      dependsOn:
        - ${example}
  ensureIamPasswordPolicyPreventsPasswordReuse:
    type: aws:securityhub:StandardsControl
    name: ensure_iam_password_policy_prevents_password_reuse
    properties:
      standardsControlArn: arn:aws:securityhub:us-east-1:111111111111:control/cis-aws-foundations-benchmark/v/1.2.0/1.10
      controlStatus: DISABLED
      disabledReason: We handle password policies within Okta
    options:
      dependsOn:
        - ${cisAwsFoundationsBenchmark}

Properties

controlId

val controlId: Output<String>

The identifier of the security standard control.

controlStatus

val controlStatus: Output<String>

The control status could be ENABLED or DISABLED. You have to specify disabled_reason argument for DISABLED control status.

controlStatusUpdatedAt

val controlStatusUpdatedAt: Output<String>

The date and time that the status of the security standard control was most recently updated.

description

val description: Output<String>

The standard control longer description. Provides information about what the control is checking for.

disabledReason

val disabledReason: Output<String>

A description of the reason why you are disabling a security standard control. If you specify this attribute, control_status will be set to DISABLED automatically.

val id: Output<String>

pulumiChildResources

val pulumiChildResources: Set<KotlinResource>

pulumiResourceName

val pulumiResourceName: String

pulumiResourceType

val pulumiResourceType: String

relatedRequirements

val relatedRequirements: Output<List<String>>

The list of requirements that are related to this control.

remediationUrl

val remediationUrl: Output<String>

A link to remediation information for the control in the Security Hub user documentation.

severityRating

val severityRating: Output<String>

The severity of findings generated from this security standard control.

standardsControlArn

val standardsControlArn: Output<String>

The standards control ARN. See the AWS documentation for how to list existing controls using get-enabled-standards and describe-standards-controls.

title

val title: Output<String>

The standard control title.

urn

val urn: Output<String>