UNPKG

@pulumi/aws

Version:

A Pulumi package for creating and managing Amazon Web Services (AWS) cloud resources.

pulumi.io

pulumi/pulumi-aws

118 lines 5.5 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
"use strict"; // *** WARNING: this file was generated by pulumi-language-nodejs. *** // *** Do not edit by hand unless you're certain you know what you are doing! *** Object.defineProperty(exports, "__esModule", { value: true }); exports.OrganizationConfiguration = void 0; const pulumi = require("@pulumi/pulumi"); const utilities = require("../utilities"); /** * Manages the Security Hub Organization Configuration. * * > **NOTE:** This resource requires an `aws.securityhub.OrganizationAdminAccount` to be configured (not necessarily with Pulumi). More information about managing Security Hub in an organization can be found in the [Managing administrator and member accounts](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-accounts.html) documentation. * * > **NOTE:** In order to set the `configurationType` to `CENTRAL`, the delegated admin must be a member account of the organization and not the management account. Central configuration also requires an `aws.securityhub.FindingAggregator` to be configured. * * > **NOTE:** This is an advanced AWS resource. Pulumi will automatically assume management of the Security Hub Organization Configuration without import and perform no actions on removal from the Pulumi program. * * > **NOTE:** Deleting this resource resets security hub to a local organization configuration with auto enable false. * * ## Example Usage * * ### Local Configuration * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; * * const example = new aws.organizations.Organization("example", { * awsServiceAccessPrincipals: ["securityhub.amazonaws.com"], * featureSet: "ALL", * }); * const exampleOrganizationAdminAccount = new aws.securityhub.OrganizationAdminAccount("example", {adminAccountId: "123456789012"}, { * dependsOn: [example], * }); * const exampleOrganizationConfiguration = new aws.securityhub.OrganizationConfiguration("example", {autoEnable: true}); * ``` * * ### Central Configuration * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; * * const example = new aws.securityhub.OrganizationAdminAccount("example", {adminAccountId: "123456789012"}, { * dependsOn: [exampleAwsOrganizationsOrganization], * }); * const exampleFindingAggregator = new aws.securityhub.FindingAggregator("example", {linkingMode: "ALL_REGIONS"}, { * dependsOn: [example], * }); * const exampleOrganizationConfiguration = new aws.securityhub.OrganizationConfiguration("example", { * autoEnable: false, * autoEnableStandards: "NONE", * organizationConfiguration: { * configurationType: "CENTRAL", * }, * }, { * dependsOn: [exampleFindingAggregator], * }); * ``` * * ## Import * * Using `pulumi import`, import an existing Security Hub enabled account using the AWS account ID. For example: * * ```sh * $ pulumi import aws:securityhub/organizationConfiguration:OrganizationConfiguration example 123456789012 * ``` */ class OrganizationConfiguration extends pulumi.CustomResource { /** * Get an existing OrganizationConfiguration resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name, id, state, opts) { return new OrganizationConfiguration(name, state, { ...opts, id: id }); } /** * Returns true if the given object is an instance of OrganizationConfiguration. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj) { if (obj === undefined || obj === null) { return false; } return obj['__pulumiType'] === OrganizationConfiguration.__pulumiType; } constructor(name, argsOrState, opts) { let resourceInputs = {}; opts = opts || {}; if (opts.id) { const state = argsOrState; resourceInputs["autoEnable"] = state?.autoEnable; resourceInputs["autoEnableStandards"] = state?.autoEnableStandards; resourceInputs["organizationConfiguration"] = state?.organizationConfiguration; resourceInputs["region"] = state?.region; } else { const args = argsOrState; if (args?.autoEnable === undefined && !opts.urn) { throw new Error("Missing required property 'autoEnable'"); } resourceInputs["autoEnable"] = args?.autoEnable; resourceInputs["autoEnableStandards"] = args?.autoEnableStandards; resourceInputs["organizationConfiguration"] = args?.organizationConfiguration; resourceInputs["region"] = args?.region; } opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); super(OrganizationConfiguration.__pulumiType, name, resourceInputs, opts); } } exports.OrganizationConfiguration = OrganizationConfiguration; /** @internal */ OrganizationConfiguration.__pulumiType = 'aws:securityhub/organizationConfiguration:OrganizationConfiguration'; //# sourceMappingURL=organizationConfiguration.js.map