Readonly
enable: Indicates whether AWS Security Hub is enabled.
Readonly
exclude: (OPTIONAL) List of AWS Region names to be excluded from configuring Security Hub.
Readonly
logging: (OPTIONAL) Security Hub logs are sent to CloudWatch Logs by default. This option can enable or disable the logging.
By default, if nothing is given, true is taken. To stop logging, set this parameter to false.
Please note, this option can be toggled, but the log group with /${acceleratorPrefix}-SecurityHub will remain in the account for every enabled region and will need to be manually deleted. This is designed to ensure no accidental loss of data occurs.
Readonly
notification: (OPTIONAL) Security Hub notification level.
Note: Values accepted are CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL.
Notifications will be sent for events at the level provided and above. For example, if you specify the HIGH level, notifications will be sent for HIGH and CRITICAL.
Readonly
region: (OPTIONAL) Indicates whether Security Hub results are aggregated in the Home Region.
Readonly
sns: (OPTIONAL) SNS Topic for Security Hub notifications.
Note: Topic must exist in the global config.
Readonly
standards: Security Hub standards configuration.
SecurityConfig / CentralSecurityServicesConfig / SecurityHubConfig
AWS Security Hub configuration (https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html). Use this configuration to enable Amazon Security Hub for an AWS Organization along with its auditing configuration.
Example