UNPKG

@pulumi/aws

Version:

A Pulumi package for creating and managing Amazon Web Services (AWS) cloud resources.

pulumi/pulumi-aws

184 lines • 7.26 kB

JavaScript

"use strict"; // *** WARNING: this file was generated by pulumi-language-nodejs. *** // *** Do not edit by hand unless you're certain you know what you are doing! *** Object.defineProperty(exports, "__esModule", { value: true }); exports.ConfigurationPolicy = void 0; const pulumi = require("@pulumi/pulumi"); const utilities = require("../utilities"); /** * Manages Security Hub configuration policy * * > **NOTE:** This resource requires `aws.securityhub.OrganizationConfiguration` to be configured of type `CENTRAL`. More information about Security Hub central configuration and configuration policies can be found in the [How Security Hub configuration policies work](https://docs.aws.amazon.com/securityhub/latest/userguide/configuration-policies-overview.html) documentation. * * ## Example Usage * * ### Default standards enabled * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; * * const example = new aws.securityhub.FindingAggregator("example", {linkingMode: "ALL_REGIONS"}); * const exampleOrganizationConfiguration = new aws.securityhub.OrganizationConfiguration("example", { * autoEnable: false, * autoEnableStandards: "NONE", * organizationConfiguration: { * configurationType: "CENTRAL", * }, * }, { * dependsOn: [example], * }); * const exampleConfigurationPolicy = new aws.securityhub.ConfigurationPolicy("example", { * name: "Example", * description: "This is an example configuration policy", * configurationPolicy: { * serviceEnabled: true, * enabledStandardArns: [ * "arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0", * "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0", * ], * securityControlsConfiguration: { * disabledControlIdentifiers: [], * }, * }, * }, { * dependsOn: [exampleOrganizationConfiguration], * }); * ``` * * ### Disabled Policy * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; * * const disabled = new aws.securityhub.ConfigurationPolicy("disabled", { * name: "Disabled", * description: "This is an example of disabled configuration policy", * configurationPolicy: { * serviceEnabled: false, * }, * }, { * dependsOn: [example], * }); * ``` * * ### Custom Control Configuration * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; * * const disabled = new aws.securityhub.ConfigurationPolicy("disabled", { * name: "Custom Controls", * description: "This is an example of configuration policy with custom control settings", * configurationPolicy: { * serviceEnabled: true, * enabledStandardArns: [ * "arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0", * "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0", * ], * securityControlsConfiguration: { * enabledControlIdentifiers: [ * "APIGateway.1", * "IAM.7", * ], * securityControlCustomParameters: [ * { * securityControlId: "APIGateway.1", * parameters: [{ * name: "loggingLevel", * valueType: "CUSTOM", * "enum": { * value: "INFO", * }, * }], * }, * { * securityControlId: "IAM.7", * parameters: [ * { * name: "RequireLowercaseCharacters", * valueType: "CUSTOM", * bool: { * value: false, * }, * }, * { * name: "MaxPasswordAge", * valueType: "CUSTOM", * int: { * value: 60, * }, * }, * ], * }, * ], * }, * }, * }, { * dependsOn: [example], * }); * ``` * * ## Import * * Using `pulumi import`, import an existing Security Hub enabled account using the universally unique identifier (UUID) of the policy. For example: * * ```sh * $ pulumi import aws:securityhub/configurationPolicy:ConfigurationPolicy example "00000000-1111-2222-3333-444444444444" * ``` */ class ConfigurationPolicy extends pulumi.CustomResource { /** * Get an existing ConfigurationPolicy resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name, id, state, opts) { return new ConfigurationPolicy(name, state, { ...opts, id: id }); } /** * Returns true if the given object is an instance of ConfigurationPolicy. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj) { if (obj === undefined || obj === null) { return false; } return obj['__pulumiType'] === ConfigurationPolicy.__pulumiType; } constructor(name, argsOrState, opts) { let resourceInputs = {}; opts = opts || {}; if (opts.id) { const state = argsOrState; resourceInputs["arn"] = state?.arn; resourceInputs["configurationPolicy"] = state?.configurationPolicy; resourceInputs["description"] = state?.description; resourceInputs["name"] = state?.name; resourceInputs["region"] = state?.region; } else { const args = argsOrState; if (args?.configurationPolicy === undefined && !opts.urn) { throw new Error("Missing required property 'configurationPolicy'"); } resourceInputs["configurationPolicy"] = args?.configurationPolicy; resourceInputs["description"] = args?.description; resourceInputs["name"] = args?.name; resourceInputs["region"] = args?.region; resourceInputs["arn"] = undefined /*out*/; } opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); super(ConfigurationPolicy.__pulumiType, name, resourceInputs, opts); } } exports.ConfigurationPolicy = ConfigurationPolicy; /** @internal */ ConfigurationPolicy.__pulumiType = 'aws:securityhub/configurationPolicy:ConfigurationPolicy'; //# sourceMappingURL=configurationPolicy.js.map