Readonly
auto (OPTIONAL) Enables or disables automatic enabling of SecurityHub for every account, including new accounts joining the organization.
It is recommended to set the value to false when using the deploymentTargets property to enable SecurityHub only on the targeted accounts listed in deploymentTargets. If you do not define it, or do not set it to false, any new accounts joining the organization will automatically be enabled with SecurityHub.
true
Readonly
deployment (OPTIONAL) Deployment targets for SecurityHub.
We highly recommend enabling SecurityHub across all accounts and enabled regions within your organization. deploymentTargets should only be used when more granular control is required, not as a default configuration. Please only specify one of the deploymentTargets or excludeRegions properties.
Note: The delegated admin account defined in centralSecurityServices will always have SecurityHub enabled.
Readonly
enable Indicates whether AWS Security Hub is enabled (AWSConfig is required for enabling SecurityHub).
Readonly
exclude (OPTIONAL) List of AWS Region names to be excluded from configuring Security Hub.
Readonly
logging (OPTIONAL) Security Hub logs are sent to CloudWatch logs by default. This option can enable or disable the logging.
By default, if nothing is given, true is taken. To stop logging, set this parameter to false.
Please note: this option can be toggled, but the log group with /${acceleratorPrefix}-SecurityHub will remain in the account for every enabled region and will need to be manually deleted. This is designed to ensure no accidental loss of data occurs.
Readonly
notification (OPTIONAL) Security Hub notification level.
Note: Values accepted are CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL.
Notifications will be sent for events at the level provided and above. For example, if you specify the HIGH level, notifications will be sent for HIGH and CRITICAL.
Readonly
region (OPTIONAL) Indicates whether Security Hub results are aggregated in the Home Region.
Readonly
sns (OPTIONAL) SNS Topic for Security Hub notifications.
Note: Topic must exist in the global config.
Readonly
standards Security Hub standards configuration.
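The property rules above interact: scoping with deploymentTargets while auto-enable is left unset still enrolls every new account, and deploymentTargets must not be combined with excludeRegions. The following pre-deployment lint is an added example, not code from the Landing Zone Accelerator project; the field names autoEnableOrgMembers and notificationLevel, the shape of deploymentTargets, and the sample values are assumptions.

```typescript
// Added example, not LZA code. autoEnableOrgMembers and notificationLevel are
// assumed full names for the fields this page lists as "auto" and "notification".
type Severity = 'INFORMATIONAL' | 'LOW' | 'MEDIUM' | 'HIGH' | 'CRITICAL';
const SEVERITY_ORDER: Severity[] = ['INFORMATIONAL', 'LOW', 'MEDIUM', 'HIGH', 'CRITICAL'];

interface SecurityHubBlock {
  enable: boolean;
  autoEnableOrgMembers?: boolean;
  deploymentTargets?: Record<string, string[]>; // shape is an assumption
  excludeRegions?: string[];
  notificationLevel?: string;
}

// Severities that notify: the configured level and everything above it.
// Returns [] when the level is not one of the accepted values.
function notifiedSeverities(level: string): Severity[] {
  const idx = SEVERITY_ORDER.indexOf(level as Severity);
  return idx < 0 ? [] : SEVERITY_ORDER.slice(idx);
}

function lintSecurityHub(cfg: SecurityHubBlock): string[] {
  const findings: string[] = [];
  const hasTargets = cfg.deploymentTargets !== undefined;
  // Assumption: an empty excludeRegions list does not count as "specified".
  const hasExcludes = (cfg.excludeRegions ?? []).length > 0;
  if (hasTargets && hasExcludes) {
    findings.push('ERROR: specify only one of deploymentTargets or excludeRegions');
  }
  // Unset behaves like true: accounts joining the organization get enabled.
  if (hasTargets && cfg.autoEnableOrgMembers !== false) {
    findings.push('WARN: deploymentTargets is set but auto-enable is not false; new accounts are enabled regardless of targeting');
  }
  if (cfg.notificationLevel !== undefined && notifiedSeverities(cfg.notificationLevel).length === 0) {
    findings.push(`ERROR: notificationLevel "${cfg.notificationLevel}" is not an accepted value`);
  }
  return findings;
}

// Constructed sample: targets one OU, excludes a region, leaves auto-enable unset.
const sample: SecurityHubBlock = {
  enable: true,
  deploymentTargets: { organizationalUnits: ['Security'] },
  excludeRegions: ['us-west-1'],
  notificationLevel: 'HIGH',
};
console.log(lintSecurityHub(sample));                // two findings
console.log(notifiedSeverities('HIGH').join(', '));  // HIGH, CRITICAL
```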
SecurityConfig / CentralSecurityServicesConfig / SecurityHubConfig
AWS Security Hub configuration: https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html
Description
Use this configuration to enable Amazon Security Hub for an AWS Organization along with its auditing configuration.
Example