Class SecurityConfigTypes

AWS Accelerator SecurityConfig Types

Hierarchy

SecurityConfigTypes

Index

Constructors

Properties

accessAnalyzerConfig alarmConfig alarmSetConfig auditManagerConfig auditManagerDefaultReportsDestinationConfig awsConfig awsConfigAggregation awsConfigRuleSet centralSecurityServicesConfig cloudWatchConfig configRule configRuleRemediationType customRuleConfigType customRuleLambdaType detectiveConfig documentConfig documentSetConfig ebsDefaultVolumeEncryptionConfig encryptionConfig guardDutyConfig guardDutyEksProtectionConfig guardDutyExportFindingsConfig guardDutyS3ProtectionConfig iamPasswordPolicyConfig keyConfig keyManagementServiceConfig logGroupsConfig macieConfig metricConfig metricSetConfig networkPerimeterConfig remediationParametersConfigType resourcePolicyConfig resourcePolicyEnforcementConfig resourcePolicyRemediationType resourcePolicySetConfig resourceTypeEnum s3PublicAccessBlockConfig scpRevertChangesConfig securityConfig securityHubConfig securityHubLoggingCloudwatchConfig securityHubLoggingConfig securityHubStandardConfig snsSubscriptionConfig ssmAutomationConfig triggeringResourceType

Constructors

constructor

new SecurityConfigTypes(): SecurityConfigTypes
Returns SecurityConfigTypes

Properties

`Static` `Readonly` accessAnalyzerConfig

accessAnalyzerConfig: TypeC<{
enable: BooleanC;
}> = ...

`Static` `Readonly` alarmConfig

alarmConfig: TypeC<{
    alarmDescription: SizedType<string, Type<string, string, unknown>>;
    alarmName: SizedType<string, Type<string, string, unknown>>;
    comparisonOperator: SizedType<string, Type<string, string, unknown>>;
    evaluationPeriods: NumberC;
    metricName: SizedType<string, Type<string, string, unknown>>;
    namespace: SizedType<string, Type<string, string, unknown>>;
    period: NumberC;
    snsAlertLevel: OptionalType<SizedType<string, Type<string, string, unknown>>>;
    snsTopicName: OptionalType<SizedType<string, Type<string, string, unknown>>>;
    statistic: SizedType<string, Type<string, string, unknown>>;
    threshold: NumberC;
    treatMissingData: SizedType<string, Type<string, string, unknown>>;
}> = ...

`Static` `Readonly` alarmSetConfig

alarmSetConfig: TypeC<{
    alarms: ArrayC<TypeC<{
        alarmDescription: SizedType<string, Type<string, string, unknown>>;
        alarmName: SizedType<string, Type<string, string, unknown>>;
        comparisonOperator: SizedType<string, Type<string, string, unknown>>;
        evaluationPeriods: NumberC;
        metricName: SizedType<string, Type<string, string, unknown>>;
        namespace: SizedType<string, Type<string, string, unknown>>;
        period: NumberC;
        snsAlertLevel: OptionalType<SizedType<string, Type<string, string, unknown>>>;
        snsTopicName: OptionalType<SizedType<string, Type<string, string, unknown>>>;
        statistic: SizedType<string, Type<string, string, unknown>>;
        threshold: NumberC;
        treatMissingData: SizedType<string, Type<string, string, unknown>>;
    }>>;
    deploymentTargets: TypeC<{
        accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
    }>;
    regions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
}> = ...

`Static` `Readonly` auditManagerConfig

auditManagerConfig: TypeC<{
    defaultReportsConfiguration: TypeC<{
        destinationType: EnumType<string>;
        enable: BooleanC;
    }>;
    enable: BooleanC;
    excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
    lifecycleRules: OptionalType<ArrayC<TypeC<{
        abortIncompleteMultipartUpload: OptionalType<NumberC>;
        enabled: OptionalType<BooleanC>;
        expiration: OptionalType<NumberC>;
        expiredObjectDeleteMarker: OptionalType<BooleanC>;
        id: OptionalType<StringC>;
        noncurrentVersionExpiration: OptionalType<NumberC>;
        noncurrentVersionTransitions: OptionalType<ArrayC<TypeC<{
            storageClass: EnumType<"STANDARD_IA" | "ONEZONE_IA" | "INTELLIGENT_TIERING" | "GLACIER" | "DEEP_ARCHIVE" | "GLACIER_IR" | "Value should be an AWS S3 Storage Class.">;
            transitionAfter: NumberC;
        }>>>;
        prefix: OptionalType<SizedType<string, Type<string, string, unknown>>>;
        transitions: OptionalType<ArrayC<TypeC<{
            storageClass: EnumType<"STANDARD_IA" | "ONEZONE_IA" | "INTELLIGENT_TIERING" | "GLACIER" | "DEEP_ARCHIVE" | "GLACIER_IR" | "Value should be an AWS S3 Storage Class.">;
            transitionAfter: NumberC;
        }>>>;
    }>>>;
}> = ...

AWS Audit Manager configuration

`Static` `Readonly` auditManagerDefaultReportsDestinationConfig

auditManagerDefaultReportsDestinationConfig: TypeC<{
destinationType: EnumType<string>;
enable: BooleanC;
}> = ...

AWS Audit Manager Default Report configuration.

`Static` `Readonly` awsConfig

awsConfig: TypeC<{
    aggregation: OptionalType<TypeC<{
        delegatedAdminAccount: OptionalType<SizedType<string, Type<string, string, unknown>>>;
        enable: BooleanC;
    }>>;
    enableConfigurationRecorder: BooleanC;
    enableDeliveryChannel: OptionalType<BooleanC>;
    overrideExisting: OptionalType<BooleanC>;
    ruleSets: ArrayC<TypeC<{
        deploymentTargets: TypeC<{
            accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        }>;
        rules: ArrayC<TypeC<{
            complianceResourceTypes: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            customRule: OptionalType<TypeC<{
                configurationChanges: OptionalType<BooleanC>;
                lambda: TypeC<{
                    handler: SizedType<string, Type<string, string, unknown>>;
                    rolePolicyFile: SizedType<string, Type<string, string, unknown>>;
                    runtime: SizedType<string, Type<string, string, unknown>>;
                    sourceFilePath: SizedType<string, Type<string, string, unknown>>;
                    timeout: OptionalType<NumberC>;
                }>;
                maximumExecutionFrequency: EnumType<string>;
                periodic: OptionalType<BooleanC>;
                triggeringResources: TypeC<{
                    lookupKey: SizedType<string, Type<string, string, unknown>>;
                    lookupType: EnumType<string>;
                    lookupValue: ArrayC<SizedType<string, Type<string, string, unknown>>>;
                }>;
            }>>;
            description: OptionalType<SizedType<string, Type<string, string, unknown>>>;
            identifier: OptionalType<SizedType<string, Type<string, string, unknown>>>;
            inputParameters: OptionalType<RecordC<SizedType<string, Type<string, string, unknown>>, SizedType<string, Type<string, string, unknown>>>>;
            name: SizedType<string, Type<string, string, unknown>>;
            remediation: OptionalType<TypeC<{
                automatic: BooleanC;
                excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
                maximumAutomaticAttempts: OptionalType<NumberC>;
                parameters: OptionalType<ArrayC<TypeC<{
                    name: SizedType<string, Type<string, string, unknown>>;
                    type: EnumType<string>;
                    value: SizedType<string, Type<string, string, unknown>>;
                }>>>;
                retryAttemptSeconds: OptionalType<NumberC>;
                rolePolicyFile: SizedType<string, Type<string, string, unknown>>;
                targetAccountName: OptionalType<SizedType<string, Type<string, string, unknown>>>;
                targetDocumentLambda: OptionalType<TypeC<{
                    handler: SizedType<string, Type<string, string, unknown>>;
                    rolePolicyFile: SizedType<string, Type<string, string, unknown>>;
                    runtime: SizedType<string, Type<string, string, unknown>>;
                    sourceFilePath: SizedType<string, Type<string, string, unknown>>;
                    timeout: OptionalType<NumberC>;
                }>>;
                targetId: SizedType<string, Type<string, string, unknown>>;
                targetVersion: OptionalType<SizedType<string, Type<string, string, unknown>>>;
            }>>;
            tags: OptionalType<ArrayC<TypeC<{
                key: StringC;
                value: StringC;
            }>>>;
            type: OptionalType<SizedType<string, Type<string, string, unknown>>>;
        }>>;
    }>>;
}> = ...

`Static` `Readonly` awsConfigAggregation

awsConfigAggregation: TypeC<{
delegatedAdminAccount: OptionalType<SizedType<string, Type<string, string, unknown>>>;
enable: BooleanC;
}> = ...

`Static` `Readonly` awsConfigRuleSet

awsConfigRuleSet: TypeC<{
    deploymentTargets: TypeC<{
        accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
    }>;
    rules: ArrayC<TypeC<{
        complianceResourceTypes: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        customRule: OptionalType<TypeC<{
            configurationChanges: OptionalType<BooleanC>;
            lambda: TypeC<{
                handler: SizedType<string, Type<string, string, unknown>>;
                rolePolicyFile: SizedType<string, Type<string, string, unknown>>;
                runtime: SizedType<string, Type<string, string, unknown>>;
                sourceFilePath: SizedType<string, Type<string, string, unknown>>;
                timeout: OptionalType<NumberC>;
            }>;
            maximumExecutionFrequency: EnumType<string>;
            periodic: OptionalType<BooleanC>;
            triggeringResources: TypeC<{
                lookupKey: SizedType<string, Type<string, string, unknown>>;
                lookupType: EnumType<string>;
                lookupValue: ArrayC<SizedType<string, Type<string, string, unknown>>>;
            }>;
        }>>;
        description: OptionalType<SizedType<string, Type<string, string, unknown>>>;
        identifier: OptionalType<SizedType<string, Type<string, string, unknown>>>;
        inputParameters: OptionalType<RecordC<SizedType<string, Type<string, string, unknown>>, SizedType<string, Type<string, string, unknown>>>>;
        name: SizedType<string, Type<string, string, unknown>>;
        remediation: OptionalType<TypeC<{
            automatic: BooleanC;
            excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
            maximumAutomaticAttempts: OptionalType<NumberC>;
            parameters: OptionalType<ArrayC<TypeC<{
                name: SizedType<string, Type<string, string, unknown>>;
                type: EnumType<string>;
                value: SizedType<string, Type<string, string, unknown>>;
            }>>>;
            retryAttemptSeconds: OptionalType<NumberC>;
            rolePolicyFile: SizedType<string, Type<string, string, unknown>>;
            targetAccountName: OptionalType<SizedType<string, Type<string, string, unknown>>>;
            targetDocumentLambda: OptionalType<TypeC<{
                handler: SizedType<string, Type<string, string, unknown>>;
                rolePolicyFile: SizedType<string, Type<string, string, unknown>>;
                runtime: SizedType<string, Type<string, string, unknown>>;
                sourceFilePath: SizedType<string, Type<string, string, unknown>>;
                timeout: OptionalType<NumberC>;
            }>>;
            targetId: SizedType<string, Type<string, string, unknown>>;
            targetVersion: OptionalType<SizedType<string, Type<string, string, unknown>>>;
        }>>;
        tags: OptionalType<ArrayC<TypeC<{
            key: StringC;
            value: StringC;
        }>>>;
        type: OptionalType<SizedType<string, Type<string, string, unknown>>>;
    }>>;
}> = ...

`Static` `Readonly` centralSecurityServicesConfig

centralSecurityServicesConfig: TypeC<{
    auditManager: OptionalType<TypeC<{
        defaultReportsConfiguration: TypeC<{
            destinationType: EnumType<string>;
            enable: BooleanC;
        }>;
        enable: BooleanC;
        excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
        lifecycleRules: OptionalType<ArrayC<TypeC<{
            abortIncompleteMultipartUpload: OptionalType<NumberC>;
            enabled: OptionalType<BooleanC>;
            expiration: OptionalType<NumberC>;
            expiredObjectDeleteMarker: OptionalType<BooleanC>;
            id: OptionalType<StringC>;
            noncurrentVersionExpiration: OptionalType<NumberC>;
            noncurrentVersionTransitions: OptionalType<ArrayC<TypeC<{
                storageClass: EnumType<"STANDARD_IA" | "ONEZONE_IA" | "INTELLIGENT_TIERING" | "GLACIER" | "DEEP_ARCHIVE" | "GLACIER_IR" | "Value should be an AWS S3 Storage Class.">;
                transitionAfter: NumberC;
            }>>>;
            prefix: OptionalType<SizedType<string, Type<string, string, unknown>>>;
            transitions: OptionalType<ArrayC<TypeC<{
                storageClass: EnumType<"STANDARD_IA" | "ONEZONE_IA" | "INTELLIGENT_TIERING" | "GLACIER" | "DEEP_ARCHIVE" | "GLACIER_IR" | "Value should be an AWS S3 Storage Class.">;
                transitionAfter: NumberC;
            }>>>;
        }>>>;
    }>>;
    delegatedAdminAccount: SizedType<string, Type<string, string, unknown>>;
    detective: OptionalType<TypeC<{
        enable: BooleanC;
        excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
    }>>;
    ebsDefaultVolumeEncryption: TypeC<{
        deploymentTargets: OptionalType<TypeC<{
            accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        }>>;
        enable: BooleanC;
        excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
        kmsKey: OptionalType<SizedType<string, Type<string, string, unknown>>>;
    }>;
    guardduty: TypeC<{
        eksProtection: OptionalType<TypeC<{
            enable: BooleanC;
            excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
        }>>;
        enable: BooleanC;
        excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
        exportConfiguration: TypeC<{
            destinationType: EnumType<string>;
            enable: BooleanC;
            exportFrequency: EnumType<string>;
            overrideExisting: OptionalType<BooleanC>;
            overrideGuardDutyPrefix: OptionalType<TypeC<{
                customOverride: OptionalType<SizedType<string, Type<string, string, unknown>>>;
                useCustomPrefix: BooleanC;
            }>>;
        }>;
        lifecycleRules: OptionalType<ArrayC<TypeC<{
            abortIncompleteMultipartUpload: OptionalType<NumberC>;
            enabled: OptionalType<BooleanC>;
            expiration: OptionalType<NumberC>;
            expiredObjectDeleteMarker: OptionalType<BooleanC>;
            id: OptionalType<StringC>;
            noncurrentVersionExpiration: OptionalType<NumberC>;
            noncurrentVersionTransitions: OptionalType<ArrayC<TypeC<{
                storageClass: EnumType<"STANDARD_IA" | "ONEZONE_IA" | "INTELLIGENT_TIERING" | "GLACIER" | "DEEP_ARCHIVE" | "GLACIER_IR" | "Value should be an AWS S3 Storage Class.">;
                transitionAfter: NumberC;
            }>>>;
            prefix: OptionalType<SizedType<string, Type<string, string, unknown>>>;
            transitions: OptionalType<ArrayC<TypeC<{
                storageClass: EnumType<"STANDARD_IA" | "ONEZONE_IA" | "INTELLIGENT_TIERING" | "GLACIER" | "DEEP_ARCHIVE" | "GLACIER_IR" | "Value should be an AWS S3 Storage Class.">;
                transitionAfter: NumberC;
            }>>>;
        }>>>;
        s3Protection: TypeC<{
            enable: BooleanC;
            excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
        }>;
    }>;
    macie: TypeC<{
        enable: BooleanC;
        excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
        lifecycleRules: OptionalType<ArrayC<TypeC<{
            abortIncompleteMultipartUpload: OptionalType<NumberC>;
            enabled: OptionalType<BooleanC>;
            expiration: OptionalType<NumberC>;
            expiredObjectDeleteMarker: OptionalType<BooleanC>;
            id: OptionalType<StringC>;
            noncurrentVersionExpiration: OptionalType<NumberC>;
            noncurrentVersionTransitions: OptionalType<ArrayC<TypeC<{
                storageClass: EnumType<"STANDARD_IA" | "ONEZONE_IA" | "INTELLIGENT_TIERING" | "GLACIER" | "DEEP_ARCHIVE" | "GLACIER_IR" | "Value should be an AWS S3 Storage Class.">;
                transitionAfter: NumberC;
            }>>>;
            prefix: OptionalType<SizedType<string, Type<string, string, unknown>>>;
            transitions: OptionalType<ArrayC<TypeC<{
                storageClass: EnumType<"STANDARD_IA" | "ONEZONE_IA" | "INTELLIGENT_TIERING" | "GLACIER" | "DEEP_ARCHIVE" | "GLACIER_IR" | "Value should be an AWS S3 Storage Class.">;
                transitionAfter: NumberC;
            }>>>;
        }>>>;
        policyFindingsPublishingFrequency: EnumType<string>;
        publishSensitiveDataFindings: BooleanC;
    }>;
    s3PublicAccessBlock: TypeC<{
        enable: BooleanC;
        excludeAccounts: OptionalType<ArrayC<StringC>>;
    }>;
    scpRevertChangesConfig: OptionalType<TypeC<{
        enable: BooleanC;
        snsTopicName: OptionalType<SizedType<string, Type<string, string, unknown>>>;
    }>>;
    securityHub: TypeC<{
        enable: BooleanC;
        excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
        logging: OptionalType<TypeC<{
            cloudWatch: OptionalType<TypeC<{
                enable: BooleanC;
            }>>;
        }>>;
        notificationLevel: OptionalType<StringC>;
        regionAggregation: OptionalType<BooleanC>;
        snsTopicName: OptionalType<StringC>;
        standards: ArrayC<TypeC<{
            controlsToDisable: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            deploymentTargets: OptionalType<TypeC<{
                accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
                excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
                excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
                organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            }>>;
            enable: BooleanC;
            name: EnumType<string>;
        }>>;
    }>;
    ssmAutomation: TypeC<{
        documentSets: ArrayC<TypeC<{
            documents: ArrayC<TypeC<{
                name: SizedType<string, Type<string, string, unknown>>;
                template: SizedType<string, Type<string, string, unknown>>;
            }>>;
            shareTargets: TypeC<{
                accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
                organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            }>;
        }>>;
        excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
    }>;
}> = ...

Central security services configuration

`Static` `Readonly` cloudWatchConfig

cloudWatchConfig: TypeC<{
    alarmSets: ArrayC<TypeC<{
        alarms: ArrayC<TypeC<{
            alarmDescription: SizedType<string, Type<string, string, unknown>>;
            alarmName: SizedType<string, Type<string, string, unknown>>;
            comparisonOperator: SizedType<string, Type<string, string, unknown>>;
            evaluationPeriods: NumberC;
            metricName: SizedType<string, Type<string, string, unknown>>;
            namespace: SizedType<string, Type<string, string, unknown>>;
            period: NumberC;
            snsAlertLevel: OptionalType<SizedType<string, Type<string, string, unknown>>>;
            snsTopicName: OptionalType<SizedType<string, Type<string, string, unknown>>>;
            statistic: SizedType<string, Type<string, string, unknown>>;
            threshold: NumberC;
            treatMissingData: SizedType<string, Type<string, string, unknown>>;
        }>>;
        deploymentTargets: TypeC<{
            accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        }>;
        regions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
    }>>;
    logGroups: OptionalType<ArrayC<TypeC<{
        deploymentTargets: TypeC<{
            accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        }>;
        encryption: OptionalType<TypeC<{
            kmsKeyArn: OptionalType<SizedType<string, Type<string, string, unknown>>>;
            kmsKeyName: OptionalType<SizedType<string, Type<string, string, unknown>>>;
            useLzaManagedKey: OptionalType<BooleanC>;
        }>>;
        logGroupName: SizedType<string, Type<string, string, unknown>>;
        logRetentionInDays: NumberC;
        terminationProtected: OptionalType<BooleanC>;
    }>>>;
    metricSets: ArrayC<TypeC<{
        deploymentTargets: TypeC<{
            accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        }>;
        metrics: ArrayC<TypeC<{
            filterName: SizedType<string, Type<string, string, unknown>>;
            filterPattern: SizedType<string, Type<string, string, unknown>>;
            logGroupName: SizedType<string, Type<string, string, unknown>>;
            metricName: SizedType<string, Type<string, string, unknown>>;
            metricNamespace: SizedType<string, Type<string, string, unknown>>;
            metricValue: SizedType<string, Type<string, string, unknown>>;
        }>>;
        regions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
    }>>;
}> = ...

`Static` `Readonly` configRule

configRule: TypeC<{
    complianceResourceTypes: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
    customRule: OptionalType<TypeC<{
        configurationChanges: OptionalType<BooleanC>;
        lambda: TypeC<{
            handler: SizedType<string, Type<string, string, unknown>>;
            rolePolicyFile: SizedType<string, Type<string, string, unknown>>;
            runtime: SizedType<string, Type<string, string, unknown>>;
            sourceFilePath: SizedType<string, Type<string, string, unknown>>;
            timeout: OptionalType<NumberC>;
        }>;
        maximumExecutionFrequency: EnumType<string>;
        periodic: OptionalType<BooleanC>;
        triggeringResources: TypeC<{
            lookupKey: SizedType<string, Type<string, string, unknown>>;
            lookupType: EnumType<string>;
            lookupValue: ArrayC<SizedType<string, Type<string, string, unknown>>>;
        }>;
    }>>;
    description: OptionalType<SizedType<string, Type<string, string, unknown>>>;
    identifier: OptionalType<SizedType<string, Type<string, string, unknown>>>;
    inputParameters: OptionalType<RecordC<SizedType<string, Type<string, string, unknown>>, SizedType<string, Type<string, string, unknown>>>>;
    name: SizedType<string, Type<string, string, unknown>>;
    remediation: OptionalType<TypeC<{
        automatic: BooleanC;
        excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
        maximumAutomaticAttempts: OptionalType<NumberC>;
        parameters: OptionalType<ArrayC<TypeC<{
            name: SizedType<string, Type<string, string, unknown>>;
            type: EnumType<string>;
            value: SizedType<string, Type<string, string, unknown>>;
        }>>>;
        retryAttemptSeconds: OptionalType<NumberC>;
        rolePolicyFile: SizedType<string, Type<string, string, unknown>>;
        targetAccountName: OptionalType<SizedType<string, Type<string, string, unknown>>>;
        targetDocumentLambda: OptionalType<TypeC<{
            handler: SizedType<string, Type<string, string, unknown>>;
            rolePolicyFile: SizedType<string, Type<string, string, unknown>>;
            runtime: SizedType<string, Type<string, string, unknown>>;
            sourceFilePath: SizedType<string, Type<string, string, unknown>>;
            timeout: OptionalType<NumberC>;
        }>>;
        targetId: SizedType<string, Type<string, string, unknown>>;
        targetVersion: OptionalType<SizedType<string, Type<string, string, unknown>>>;
    }>>;
    tags: OptionalType<ArrayC<TypeC<{
        key: StringC;
        value: StringC;
    }>>>;
    type: OptionalType<SizedType<string, Type<string, string, unknown>>>;
}> = ...

`Static` `Readonly` configRuleRemediationType

configRuleRemediationType: TypeC<{
    automatic: BooleanC;
    excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
    maximumAutomaticAttempts: OptionalType<NumberC>;
    parameters: OptionalType<ArrayC<TypeC<{
        name: SizedType<string, Type<string, string, unknown>>;
        type: EnumType<string>;
        value: SizedType<string, Type<string, string, unknown>>;
    }>>>;
    retryAttemptSeconds: OptionalType<NumberC>;
    rolePolicyFile: SizedType<string, Type<string, string, unknown>>;
    targetAccountName: OptionalType<SizedType<string, Type<string, string, unknown>>>;
    targetDocumentLambda: OptionalType<TypeC<{
        handler: SizedType<string, Type<string, string, unknown>>;
        rolePolicyFile: SizedType<string, Type<string, string, unknown>>;
        runtime: SizedType<string, Type<string, string, unknown>>;
        sourceFilePath: SizedType<string, Type<string, string, unknown>>;
        timeout: OptionalType<NumberC>;
    }>>;
    targetId: SizedType<string, Type<string, string, unknown>>;
    targetVersion: OptionalType<SizedType<string, Type<string, string, unknown>>>;
}> = ...

`Static` `Readonly` customRuleConfigType

customRuleConfigType: TypeC<{
    configurationChanges: OptionalType<BooleanC>;
    lambda: TypeC<{
        handler: SizedType<string, Type<string, string, unknown>>;
        rolePolicyFile: SizedType<string, Type<string, string, unknown>>;
        runtime: SizedType<string, Type<string, string, unknown>>;
        sourceFilePath: SizedType<string, Type<string, string, unknown>>;
        timeout: OptionalType<NumberC>;
    }>;
    maximumExecutionFrequency: EnumType<string>;
    periodic: OptionalType<BooleanC>;
    triggeringResources: TypeC<{
        lookupKey: SizedType<string, Type<string, string, unknown>>;
        lookupType: EnumType<string>;
        lookupValue: ArrayC<SizedType<string, Type<string, string, unknown>>>;
    }>;
}> = ...

`Static` `Readonly` customRuleLambdaType

customRuleLambdaType: TypeC<{
    handler: SizedType<string, Type<string, string, unknown>>;
    rolePolicyFile: SizedType<string, Type<string, string, unknown>>;
    runtime: SizedType<string, Type<string, string, unknown>>;
    sourceFilePath: SizedType<string, Type<string, string, unknown>>;
    timeout: OptionalType<NumberC>;
}> = ...

`Static` `Readonly` detectiveConfig

detectiveConfig: TypeC<{
enable: BooleanC;
excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
}> = ...

AWS Detective configuration

`Static` `Readonly` documentConfig

documentConfig: TypeC<{
name: SizedType<string, Type<string, string, unknown>>;
template: SizedType<string, Type<string, string, unknown>>;
}> = ...

`Static` `Readonly` documentSetConfig

documentSetConfig: TypeC<{
    documents: ArrayC<TypeC<{
        name: SizedType<string, Type<string, string, unknown>>;
        template: SizedType<string, Type<string, string, unknown>>;
    }>>;
    shareTargets: TypeC<{
        accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
    }>;
}> = ...

`Static` `Readonly` ebsDefaultVolumeEncryptionConfig

ebsDefaultVolumeEncryptionConfig: TypeC<{
    deploymentTargets: OptionalType<TypeC<{
        accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
    }>>;
    enable: BooleanC;
    excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
    kmsKey: OptionalType<SizedType<string, Type<string, string, unknown>>>;
}> = ...

`Static` `Readonly` encryptionConfig

encryptionConfig: TypeC<{
    kmsKeyArn: OptionalType<SizedType<string, Type<string, string, unknown>>>;
    kmsKeyName: OptionalType<SizedType<string, Type<string, string, unknown>>>;
    useLzaManagedKey: OptionalType<BooleanC>;
}> = ...

`Static` `Readonly` guardDutyConfig

guardDutyConfig: TypeC<{
    eksProtection: OptionalType<TypeC<{
        enable: BooleanC;
        excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
    }>>;
    enable: BooleanC;
    excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
    exportConfiguration: TypeC<{
        destinationType: EnumType<string>;
        enable: BooleanC;
        exportFrequency: EnumType<string>;
        overrideExisting: OptionalType<BooleanC>;
        overrideGuardDutyPrefix: OptionalType<TypeC<{
            customOverride: OptionalType<SizedType<string, Type<string, string, unknown>>>;
            useCustomPrefix: BooleanC;
        }>>;
    }>;
    lifecycleRules: OptionalType<ArrayC<TypeC<{
        abortIncompleteMultipartUpload: OptionalType<NumberC>;
        enabled: OptionalType<BooleanC>;
        expiration: OptionalType<NumberC>;
        expiredObjectDeleteMarker: OptionalType<BooleanC>;
        id: OptionalType<StringC>;
        noncurrentVersionExpiration: OptionalType<NumberC>;
        noncurrentVersionTransitions: OptionalType<ArrayC<TypeC<{
            storageClass: EnumType<"STANDARD_IA" | "ONEZONE_IA" | "INTELLIGENT_TIERING" | "GLACIER" | "DEEP_ARCHIVE" | "GLACIER_IR" | "Value should be an AWS S3 Storage Class.">;
            transitionAfter: NumberC;
        }>>>;
        prefix: OptionalType<SizedType<string, Type<string, string, unknown>>>;
        transitions: OptionalType<ArrayC<TypeC<{
            storageClass: EnumType<"STANDARD_IA" | "ONEZONE_IA" | "INTELLIGENT_TIERING" | "GLACIER" | "DEEP_ARCHIVE" | "GLACIER_IR" | "Value should be an AWS S3 Storage Class.">;
            transitionAfter: NumberC;
        }>>>;
    }>>>;
    s3Protection: TypeC<{
        enable: BooleanC;
        excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
    }>;
}> = ...

AWS GuardDuty configuration

`Static` `Readonly` guardDutyEksProtectionConfig

guardDutyEksProtectionConfig: TypeC<{
enable: BooleanC;
excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
}> = ...

AWS GuardDuty S3 Protection configuration.

`Static` `Readonly` guardDutyExportFindingsConfig

guardDutyExportFindingsConfig: TypeC<{
    destinationType: EnumType<string>;
    enable: BooleanC;
    exportFrequency: EnumType<string>;
    overrideExisting: OptionalType<BooleanC>;
    overrideGuardDutyPrefix: OptionalType<TypeC<{
        customOverride: OptionalType<SizedType<string, Type<string, string, unknown>>>;
        useCustomPrefix: BooleanC;
    }>>;
}> = ...

AWS GuardDuty Export Findings configuration.

`Static` `Readonly` guardDutyS3ProtectionConfig

guardDutyS3ProtectionConfig: TypeC<{
enable: BooleanC;
excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
}> = ...

AWS GuardDuty S3 Protection configuration.

`Static` `Readonly` iamPasswordPolicyConfig

iamPasswordPolicyConfig: TypeC<{
    allowUsersToChangePassword: BooleanC;
    hardExpiry: BooleanC;
    maxPasswordAge: NumberC;
    minimumPasswordLength: NumberC;
    passwordReusePrevention: NumberC;
    requireLowercaseCharacters: BooleanC;
    requireNumbers: BooleanC;
    requireSymbols: BooleanC;
    requireUppercaseCharacters: BooleanC;
}> = ...

`Static` `Readonly` keyConfig

keyConfig: TypeC<{
    alias: OptionalType<SizedType<string, Type<string, string, unknown>>>;
    deploymentTargets: TypeC<{
        accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
    }>;
    description: OptionalType<SizedType<string, Type<string, string, unknown>>>;
    enableKeyRotation: OptionalType<BooleanC>;
    enabled: OptionalType<BooleanC>;
    name: SizedType<string, Type<string, string, unknown>>;
    policy: OptionalType<SizedType<string, Type<string, string, unknown>>>;
    removalPolicy: OptionalType<EnumType<string>>;
}> = ...

AWS KMS Key configuration

`Static` `Readonly` keyManagementServiceConfig

keyManagementServiceConfig: TypeC<{
    keySets: ArrayC<TypeC<{
        alias: OptionalType<SizedType<string, Type<string, string, unknown>>>;
        deploymentTargets: TypeC<{
            accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        }>;
        description: OptionalType<SizedType<string, Type<string, string, unknown>>>;
        enableKeyRotation: OptionalType<BooleanC>;
        enabled: OptionalType<BooleanC>;
        name: SizedType<string, Type<string, string, unknown>>;
        policy: OptionalType<SizedType<string, Type<string, string, unknown>>>;
        removalPolicy: OptionalType<EnumType<string>>;
    }>>;
}> = ...

KMS key management configuration

`Static` `Readonly` logGroupsConfig

logGroupsConfig: TypeC<{
    deploymentTargets: TypeC<{
        accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
    }>;
    encryption: OptionalType<TypeC<{
        kmsKeyArn: OptionalType<SizedType<string, Type<string, string, unknown>>>;
        kmsKeyName: OptionalType<SizedType<string, Type<string, string, unknown>>>;
        useLzaManagedKey: OptionalType<BooleanC>;
    }>>;
    logGroupName: SizedType<string, Type<string, string, unknown>>;
    logRetentionInDays: NumberC;
    terminationProtected: OptionalType<BooleanC>;
}> = ...

`Static` `Readonly` macieConfig

macieConfig: TypeC<{
    enable: BooleanC;
    excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
    lifecycleRules: OptionalType<ArrayC<TypeC<{
        abortIncompleteMultipartUpload: OptionalType<NumberC>;
        enabled: OptionalType<BooleanC>;
        expiration: OptionalType<NumberC>;
        expiredObjectDeleteMarker: OptionalType<BooleanC>;
        id: OptionalType<StringC>;
        noncurrentVersionExpiration: OptionalType<NumberC>;
        noncurrentVersionTransitions: OptionalType<ArrayC<TypeC<{
            storageClass: EnumType<"STANDARD_IA" | "ONEZONE_IA" | "INTELLIGENT_TIERING" | "GLACIER" | "DEEP_ARCHIVE" | "GLACIER_IR" | "Value should be an AWS S3 Storage Class.">;
            transitionAfter: NumberC;
        }>>>;
        prefix: OptionalType<SizedType<string, Type<string, string, unknown>>>;
        transitions: OptionalType<ArrayC<TypeC<{
            storageClass: EnumType<"STANDARD_IA" | "ONEZONE_IA" | "INTELLIGENT_TIERING" | "GLACIER" | "DEEP_ARCHIVE" | "GLACIER_IR" | "Value should be an AWS S3 Storage Class.">;
            transitionAfter: NumberC;
        }>>>;
    }>>>;
    policyFindingsPublishingFrequency: EnumType<string>;
    publishSensitiveDataFindings: BooleanC;
}> = ...

AWS Macie configuration

`Static` `Readonly` metricConfig

metricConfig: TypeC<{
    filterName: SizedType<string, Type<string, string, unknown>>;
    filterPattern: SizedType<string, Type<string, string, unknown>>;
    logGroupName: SizedType<string, Type<string, string, unknown>>;
    metricName: SizedType<string, Type<string, string, unknown>>;
    metricNamespace: SizedType<string, Type<string, string, unknown>>;
    metricValue: SizedType<string, Type<string, string, unknown>>;
}> = ...

`Static` `Readonly` metricSetConfig

metricSetConfig: TypeC<{
    deploymentTargets: TypeC<{
        accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
    }>;
    metrics: ArrayC<TypeC<{
        filterName: SizedType<string, Type<string, string, unknown>>;
        filterPattern: SizedType<string, Type<string, string, unknown>>;
        logGroupName: SizedType<string, Type<string, string, unknown>>;
        metricName: SizedType<string, Type<string, string, unknown>>;
        metricNamespace: SizedType<string, Type<string, string, unknown>>;
        metricValue: SizedType<string, Type<string, string, unknown>>;
    }>>;
    regions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
}> = ...

`Static` `Readonly` networkPerimeterConfig

networkPerimeterConfig: TypeC<{
managedVpcOnly: OptionalType<BooleanC>;
}> = ...

`Static` `Readonly` remediationParametersConfigType

remediationParametersConfigType: TypeC<{
    name: SizedType<string, Type<string, string, unknown>>;
    type: EnumType<string>;
    value: SizedType<string, Type<string, string, unknown>>;
}> = ...

Config rule remediation input parameter configuration type

`Static` `Readonly` resourcePolicyConfig

resourcePolicyConfig: TypeC<{
document: SizedType<string, Type<string, string, unknown>>;
resourceType: EnumType<"IAM_ROLE" | "LAMBDA_FUNCTION" | "S3_BUCKET" | "SNS_TOPIC" | "SQS_QUEUE" | "KMS_KEY" | "SECRETS_MANAGER_SECRET" | "ECR_REPOSITORY" | "OPENSEARCH_DOMAIN" | "APIGATEWAY_REST_API" | "LEX_BOT" | "EFS_FILE_SYSTEM" | "EVENTBRIDGE_EVENTBUS" | "BACKUP_VAULT" | "CODEARTIFACT_REPOSITORY" | "CERTIFICATE_AUTHORITY">;
}> = ...

`Static` `Readonly` resourcePolicyEnforcementConfig

resourcePolicyEnforcementConfig: TypeC<{
    enable: BooleanC;
    networkPerimeter: OptionalType<TypeC<{
        managedVpcOnly: OptionalType<BooleanC>;
    }>>;
    policySets: ArrayC<TypeC<{
        deploymentTargets: TypeC<{
            accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        }>;
        inputParameters: OptionalType<RecordC<SizedType<string, Type<string, string, unknown>>, SizedType<string, Type<string, string, unknown>>>>;
        resourcePolicies: ArrayC<TypeC<{
            document: SizedType<string, Type<string, string, unknown>>;
            resourceType: EnumType<"IAM_ROLE" | "LAMBDA_FUNCTION" | "S3_BUCKET" | "SNS_TOPIC" | "SQS_QUEUE" | "KMS_KEY" | "SECRETS_MANAGER_SECRET" | "ECR_REPOSITORY" | "OPENSEARCH_DOMAIN" | "APIGATEWAY_REST_API" | "LEX_BOT" | "EFS_FILE_SYSTEM" | "EVENTBRIDGE_EVENTBUS" | "BACKUP_VAULT" | "CODEARTIFACT_REPOSITORY" | "CERTIFICATE_AUTHORITY">;
        }>>;
    }>>;
    remediation: TypeC<{
        automatic: BooleanC;
        maximumAutomaticAttempts: OptionalType<NumberC>;
        retryAttemptSeconds: OptionalType<NumberC>;
    }>;
}> = ...

Resource policy enforcement configuration

`Static` `Readonly` resourcePolicyRemediationType

resourcePolicyRemediationType: TypeC<{
    automatic: BooleanC;
    maximumAutomaticAttempts: OptionalType<NumberC>;
    retryAttemptSeconds: OptionalType<NumberC>;
}> = ...

`Static` `Readonly` resourcePolicySetConfig

resourcePolicySetConfig: TypeC<{
    deploymentTargets: TypeC<{
        accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
    }>;
    inputParameters: OptionalType<RecordC<SizedType<string, Type<string, string, unknown>>, SizedType<string, Type<string, string, unknown>>>>;
    resourcePolicies: ArrayC<TypeC<{
        document: SizedType<string, Type<string, string, unknown>>;
        resourceType: EnumType<"IAM_ROLE" | "LAMBDA_FUNCTION" | "S3_BUCKET" | "SNS_TOPIC" | "SQS_QUEUE" | "KMS_KEY" | "SECRETS_MANAGER_SECRET" | "ECR_REPOSITORY" | "OPENSEARCH_DOMAIN" | "APIGATEWAY_REST_API" | "LEX_BOT" | "EFS_FILE_SYSTEM" | "EVENTBRIDGE_EVENTBUS" | "BACKUP_VAULT" | "CODEARTIFACT_REPOSITORY" | "CERTIFICATE_AUTHORITY">;
    }>>;
}> = ...

`Static` `Readonly` resourceTypeEnum

`Static` `Readonly` s3PublicAccessBlockConfig

s3PublicAccessBlockConfig: TypeC<{
enable: BooleanC;
excludeAccounts: OptionalType<ArrayC<StringC>>;
}> = ...

Amazon Web Services S3 configuration

`Static` `Readonly` scpRevertChangesConfig

scpRevertChangesConfig: TypeC<{
enable: BooleanC;
snsTopicName: OptionalType<SizedType<string, Type<string, string, unknown>>>;
}> = ...

Revert Manual Service Control Policy (SCP) Changes configuration

`Static` `Readonly` securityConfig

securityConfig: TypeC<{
    accessAnalyzer: TypeC<{
        enable: BooleanC;
    }>;
    awsConfig: TypeC<{
        aggregation: OptionalType<TypeC<{
            delegatedAdminAccount: OptionalType<SizedType<string, Type<string, string, unknown>>>;
            enable: BooleanC;
        }>>;
        enableConfigurationRecorder: BooleanC;
        enableDeliveryChannel: OptionalType<BooleanC>;
        overrideExisting: OptionalType<BooleanC>;
        ruleSets: ArrayC<TypeC<{
            deploymentTargets: TypeC<{
                accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
                excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
                excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
                organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            }>;
            rules: ArrayC<TypeC<{
                complianceResourceTypes: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
                customRule: OptionalType<TypeC<{
                    configurationChanges: OptionalType<BooleanC>;
                    lambda: TypeC<{
                        handler: SizedType<string, Type<string, string, unknown>>;
                        rolePolicyFile: SizedType<string, Type<string, string, unknown>>;
                        runtime: SizedType<string, Type<string, string, unknown>>;
                        sourceFilePath: SizedType<string, Type<string, string, unknown>>;
                        timeout: OptionalType<NumberC>;
                    }>;
                    maximumExecutionFrequency: EnumType<string>;
                    periodic: OptionalType<BooleanC>;
                    triggeringResources: TypeC<{
                        lookupKey: SizedType<string, Type<string, string, unknown>>;
                        lookupType: EnumType<string>;
                        lookupValue: ArrayC<SizedType<string, Type<string, string, unknown>>>;
                    }>;
                }>>;
                description: OptionalType<SizedType<string, Type<string, string, unknown>>>;
                identifier: OptionalType<SizedType<string, Type<string, string, unknown>>>;
                inputParameters: OptionalType<RecordC<SizedType<string, Type<string, string, unknown>>, SizedType<string, Type<string, string, unknown>>>>;
                name: SizedType<string, Type<string, string, unknown>>;
                remediation: OptionalType<TypeC<{
                    automatic: BooleanC;
                    excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
                    maximumAutomaticAttempts: OptionalType<NumberC>;
                    parameters: OptionalType<ArrayC<TypeC<{
                        name: SizedType<string, Type<string, string, unknown>>;
                        type: EnumType<string>;
                        value: SizedType<string, Type<string, string, unknown>>;
                    }>>>;
                    retryAttemptSeconds: OptionalType<NumberC>;
                    rolePolicyFile: SizedType<string, Type<string, string, unknown>>;
                    targetAccountName: OptionalType<SizedType<string, Type<string, string, unknown>>>;
                    targetDocumentLambda: OptionalType<TypeC<{
                        handler: SizedType<string, Type<string, string, unknown>>;
                        rolePolicyFile: SizedType<string, Type<string, string, unknown>>;
                        runtime: SizedType<string, Type<string, string, unknown>>;
                        sourceFilePath: SizedType<string, Type<string, string, unknown>>;
                        timeout: OptionalType<NumberC>;
                    }>>;
                    targetId: SizedType<string, Type<string, string, unknown>>;
                    targetVersion: OptionalType<SizedType<string, Type<string, string, unknown>>>;
                }>>;
                tags: OptionalType<ArrayC<TypeC<{
                    key: StringC;
                    value: StringC;
                }>>>;
                type: OptionalType<SizedType<string, Type<string, string, unknown>>>;
            }>>;
        }>>;
    }>;
    centralSecurityServices: TypeC<{
        auditManager: OptionalType<TypeC<{
            defaultReportsConfiguration: TypeC<{
                destinationType: EnumType<string>;
                enable: BooleanC;
            }>;
            enable: BooleanC;
            excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
            lifecycleRules: OptionalType<ArrayC<TypeC<{
                abortIncompleteMultipartUpload: OptionalType<NumberC>;
                enabled: OptionalType<BooleanC>;
                expiration: OptionalType<NumberC>;
                expiredObjectDeleteMarker: OptionalType<BooleanC>;
                id: OptionalType<StringC>;
                noncurrentVersionExpiration: OptionalType<NumberC>;
                noncurrentVersionTransitions: OptionalType<ArrayC<TypeC<{
                    storageClass: EnumType<"STANDARD_IA" | "ONEZONE_IA" | "INTELLIGENT_TIERING" | "GLACIER" | "DEEP_ARCHIVE" | "GLACIER_IR" | "Value should be an AWS S3 Storage Class.">;
                    transitionAfter: NumberC;
                }>>>;
                prefix: OptionalType<SizedType<string, Type<string, string, unknown>>>;
                transitions: OptionalType<ArrayC<TypeC<{
                    storageClass: EnumType<"STANDARD_IA" | "ONEZONE_IA" | "INTELLIGENT_TIERING" | "GLACIER" | "DEEP_ARCHIVE" | "GLACIER_IR" | "Value should be an AWS S3 Storage Class.">;
                    transitionAfter: NumberC;
                }>>>;
            }>>>;
        }>>;
        delegatedAdminAccount: SizedType<string, Type<string, string, unknown>>;
        detective: OptionalType<TypeC<{
            enable: BooleanC;
            excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
        }>>;
        ebsDefaultVolumeEncryption: TypeC<{
            deploymentTargets: OptionalType<TypeC<{
                accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
                excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
                excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
                organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            }>>;
            enable: BooleanC;
            excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
            kmsKey: OptionalType<SizedType<string, Type<string, string, unknown>>>;
        }>;
        guardduty: TypeC<{
            eksProtection: OptionalType<TypeC<{
                enable: BooleanC;
                excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
            }>>;
            enable: BooleanC;
            excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
            exportConfiguration: TypeC<{
                destinationType: EnumType<string>;
                enable: BooleanC;
                exportFrequency: EnumType<string>;
                overrideExisting: OptionalType<BooleanC>;
                overrideGuardDutyPrefix: OptionalType<TypeC<{
                    customOverride: OptionalType<SizedType<string, Type<string, string, unknown>>>;
                    useCustomPrefix: BooleanC;
                }>>;
            }>;
            lifecycleRules: OptionalType<ArrayC<TypeC<{
                abortIncompleteMultipartUpload: OptionalType<NumberC>;
                enabled: OptionalType<BooleanC>;
                expiration: OptionalType<NumberC>;
                expiredObjectDeleteMarker: OptionalType<BooleanC>;
                id: OptionalType<StringC>;
                noncurrentVersionExpiration: OptionalType<NumberC>;
                noncurrentVersionTransitions: OptionalType<ArrayC<TypeC<{
                    storageClass: EnumType<"STANDARD_IA" | "ONEZONE_IA" | "INTELLIGENT_TIERING" | "GLACIER" | "DEEP_ARCHIVE" | "GLACIER_IR" | "Value should be an AWS S3 Storage Class.">;
                    transitionAfter: NumberC;
                }>>>;
                prefix: OptionalType<SizedType<string, Type<string, string, unknown>>>;
                transitions: OptionalType<ArrayC<TypeC<{
                    storageClass: EnumType<"STANDARD_IA" | "ONEZONE_IA" | "INTELLIGENT_TIERING" | "GLACIER" | "DEEP_ARCHIVE" | "GLACIER_IR" | "Value should be an AWS S3 Storage Class.">;
                    transitionAfter: NumberC;
                }>>>;
            }>>>;
            s3Protection: TypeC<{
                enable: BooleanC;
                excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
            }>;
        }>;
        macie: TypeC<{
            enable: BooleanC;
            excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
            lifecycleRules: OptionalType<ArrayC<TypeC<{
                abortIncompleteMultipartUpload: OptionalType<NumberC>;
                enabled: OptionalType<BooleanC>;
                expiration: OptionalType<NumberC>;
                expiredObjectDeleteMarker: OptionalType<BooleanC>;
                id: OptionalType<StringC>;
                noncurrentVersionExpiration: OptionalType<NumberC>;
                noncurrentVersionTransitions: OptionalType<ArrayC<TypeC<{
                    storageClass: EnumType<"STANDARD_IA" | "ONEZONE_IA" | "INTELLIGENT_TIERING" | "GLACIER" | "DEEP_ARCHIVE" | "GLACIER_IR" | "Value should be an AWS S3 Storage Class.">;
                    transitionAfter: NumberC;
                }>>>;
                prefix: OptionalType<SizedType<string, Type<string, string, unknown>>>;
                transitions: OptionalType<ArrayC<TypeC<{
                    storageClass: EnumType<"STANDARD_IA" | "ONEZONE_IA" | "INTELLIGENT_TIERING" | "GLACIER" | "DEEP_ARCHIVE" | "GLACIER_IR" | "Value should be an AWS S3 Storage Class.">;
                    transitionAfter: NumberC;
                }>>>;
            }>>>;
            policyFindingsPublishingFrequency: EnumType<string>;
            publishSensitiveDataFindings: BooleanC;
        }>;
        s3PublicAccessBlock: TypeC<{
            enable: BooleanC;
            excludeAccounts: OptionalType<ArrayC<StringC>>;
        }>;
        scpRevertChangesConfig: OptionalType<TypeC<{
            enable: BooleanC;
            snsTopicName: OptionalType<SizedType<string, Type<string, string, unknown>>>;
        }>>;
        securityHub: TypeC<{
            enable: BooleanC;
            excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
            logging: OptionalType<TypeC<{
                cloudWatch: OptionalType<TypeC<{
                    enable: BooleanC;
                }>>;
            }>>;
            notificationLevel: OptionalType<StringC>;
            regionAggregation: OptionalType<BooleanC>;
            snsTopicName: OptionalType<StringC>;
            standards: ArrayC<TypeC<{
                controlsToDisable: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
                deploymentTargets: OptionalType<TypeC<{
                    accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
                    excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
                    excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
                    organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
                }>>;
                enable: BooleanC;
                name: EnumType<string>;
            }>>;
        }>;
        ssmAutomation: TypeC<{
            documentSets: ArrayC<TypeC<{
                documents: ArrayC<TypeC<{
                    name: SizedType<string, Type<string, string, unknown>>;
                    template: SizedType<string, Type<string, string, unknown>>;
                }>>;
                shareTargets: TypeC<{
                    accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
                    organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
                }>;
            }>>;
            excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
        }>;
    }>;
    cloudWatch: TypeC<{
        alarmSets: ArrayC<TypeC<{
            alarms: ArrayC<TypeC<{
                alarmDescription: SizedType<string, Type<string, string, unknown>>;
                alarmName: SizedType<string, Type<string, string, unknown>>;
                comparisonOperator: SizedType<string, Type<string, string, unknown>>;
                evaluationPeriods: NumberC;
                metricName: SizedType<string, Type<string, string, unknown>>;
                namespace: SizedType<string, Type<string, string, unknown>>;
                period: NumberC;
                snsAlertLevel: OptionalType<SizedType<string, Type<string, string, unknown>>>;
                snsTopicName: OptionalType<SizedType<string, Type<string, string, unknown>>>;
                statistic: SizedType<string, Type<string, string, unknown>>;
                threshold: NumberC;
                treatMissingData: SizedType<string, Type<string, string, unknown>>;
            }>>;
            deploymentTargets: TypeC<{
                accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
                excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
                excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
                organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            }>;
            regions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        }>>;
        logGroups: OptionalType<ArrayC<TypeC<{
            deploymentTargets: TypeC<{
                accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
                excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
                excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
                organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            }>;
            encryption: OptionalType<TypeC<{
                kmsKeyArn: OptionalType<SizedType<string, Type<string, string, unknown>>>;
                kmsKeyName: OptionalType<SizedType<string, Type<string, string, unknown>>>;
                useLzaManagedKey: OptionalType<BooleanC>;
            }>>;
            logGroupName: SizedType<string, Type<string, string, unknown>>;
            logRetentionInDays: NumberC;
            terminationProtected: OptionalType<BooleanC>;
        }>>>;
        metricSets: ArrayC<TypeC<{
            deploymentTargets: TypeC<{
                accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
                excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
                excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
                organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            }>;
            metrics: ArrayC<TypeC<{
                filterName: SizedType<string, Type<string, string, unknown>>;
                filterPattern: SizedType<string, Type<string, string, unknown>>;
                logGroupName: SizedType<string, Type<string, string, unknown>>;
                metricName: SizedType<string, Type<string, string, unknown>>;
                metricNamespace: SizedType<string, Type<string, string, unknown>>;
                metricValue: SizedType<string, Type<string, string, unknown>>;
            }>>;
            regions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        }>>;
    }>;
    iamPasswordPolicy: TypeC<{
        allowUsersToChangePassword: BooleanC;
        hardExpiry: BooleanC;
        maxPasswordAge: NumberC;
        minimumPasswordLength: NumberC;
        passwordReusePrevention: NumberC;
        requireLowercaseCharacters: BooleanC;
        requireNumbers: BooleanC;
        requireSymbols: BooleanC;
        requireUppercaseCharacters: BooleanC;
    }>;
    keyManagementService: OptionalType<TypeC<{
        keySets: ArrayC<TypeC<{
            alias: OptionalType<SizedType<string, Type<string, string, unknown>>>;
            deploymentTargets: TypeC<{
                accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
                excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
                excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
                organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            }>;
            description: OptionalType<SizedType<string, Type<string, string, unknown>>>;
            enableKeyRotation: OptionalType<BooleanC>;
            enabled: OptionalType<BooleanC>;
            name: SizedType<string, Type<string, string, unknown>>;
            policy: OptionalType<SizedType<string, Type<string, string, unknown>>>;
            removalPolicy: OptionalType<EnumType<string>>;
        }>>;
    }>>;
    resourcePolicyEnforcement: OptionalType<TypeC<{
        enable: BooleanC;
        networkPerimeter: OptionalType<TypeC<{
            managedVpcOnly: OptionalType<BooleanC>;
        }>>;
        policySets: ArrayC<TypeC<{
            deploymentTargets: TypeC<{
                accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
                excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
                excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
                organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            }>;
            inputParameters: OptionalType<RecordC<SizedType<string, Type<string, string, unknown>>, SizedType<string, Type<string, string, unknown>>>>;
            resourcePolicies: ArrayC<TypeC<{
                document: SizedType<string, Type<string, string, unknown>>;
                resourceType: EnumType<"IAM_ROLE" | "LAMBDA_FUNCTION" | "S3_BUCKET" | "SNS_TOPIC" | "SQS_QUEUE" | "KMS_KEY" | "SECRETS_MANAGER_SECRET" | "ECR_REPOSITORY" | "OPENSEARCH_DOMAIN" | "APIGATEWAY_REST_API" | "LEX_BOT" | "EFS_FILE_SYSTEM" | "EVENTBRIDGE_EVENTBUS" | "BACKUP_VAULT" | "CODEARTIFACT_REPOSITORY" | "CERTIFICATE_AUTHORITY">;
            }>>;
        }>>;
        remediation: TypeC<{
            automatic: BooleanC;
            maximumAutomaticAttempts: OptionalType<NumberC>;
            retryAttemptSeconds: OptionalType<NumberC>;
        }>;
    }>>;
}> = ...

`Static` `Readonly` securityHubConfig

securityHubConfig: TypeC<{
    enable: BooleanC;
    excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
    logging: OptionalType<TypeC<{
        cloudWatch: OptionalType<TypeC<{
            enable: BooleanC;
        }>>;
    }>>;
    notificationLevel: OptionalType<StringC>;
    regionAggregation: OptionalType<BooleanC>;
    snsTopicName: OptionalType<StringC>;
    standards: ArrayC<TypeC<{
        controlsToDisable: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        deploymentTargets: OptionalType<TypeC<{
            accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        }>>;
        enable: BooleanC;
        name: EnumType<string>;
    }>>;
}> = ...

`Static` `Readonly` securityHubLoggingCloudwatchConfig

securityHubLoggingCloudwatchConfig: TypeC<{
enable: BooleanC;
}> = ...

`Static` `Readonly` securityHubLoggingConfig

securityHubLoggingConfig: TypeC<{
    cloudWatch: OptionalType<TypeC<{
        enable: BooleanC;
    }>>;
}> = ...

`Static` `Readonly` securityHubStandardConfig

securityHubStandardConfig: TypeC<{
    controlsToDisable: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
    deploymentTargets: OptionalType<TypeC<{
        accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
    }>>;
    enable: BooleanC;
    name: EnumType<string>;
}> = ...

AWS Security Hub standards configuration

`Static` `Readonly` snsSubscriptionConfig

snsSubscriptionConfig: TypeC<{
email: SizedType<string, Type<string, string, unknown>>;
level: SizedType<string, Type<string, string, unknown>>;
}> = ...

SNS notification subscription configuration. Deprecated Replaced by snsTopics in global config

`Static` `Readonly` ssmAutomationConfig

ssmAutomationConfig: TypeC<{
    documentSets: ArrayC<TypeC<{
        documents: ArrayC<TypeC<{
            name: SizedType<string, Type<string, string, unknown>>;
            template: SizedType<string, Type<string, string, unknown>>;
        }>>;
        shareTargets: TypeC<{
            accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        }>;
    }>>;
    excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
}> = ...

`Static` `Readonly` triggeringResourceType

triggeringResourceType: TypeC<{
    lookupKey: SizedType<string, Type<string, string, unknown>>;
    lookupType: EnumType<string>;
    lookupValue: ArrayC<SizedType<string, Type<string, string, unknown>>>;
}> = ...

Class SecurityConfigTypes

Hierarchy

Index

Constructors

Properties

Constructors

constructor

Returns SecurityConfigTypes

Properties

Static Readonly accessAnalyzerConfig

Static Readonly alarmConfig

Static Readonly alarmSetConfig

Static Readonly auditManagerConfig

Static Readonly auditManagerDefaultReportsDestinationConfig

Static Readonly awsConfig

Static Readonly awsConfigAggregation

Static Readonly awsConfigRuleSet

Static Readonly centralSecurityServicesConfig

Static Readonly cloudWatchConfig

Static Readonly configRule

Static Readonly configRuleRemediationType

Static Readonly customRuleConfigType

Static Readonly customRuleLambdaType

Static Readonly detectiveConfig

Static Readonly documentConfig

Static Readonly documentSetConfig

Static Readonly ebsDefaultVolumeEncryptionConfig

Static Readonly encryptionConfig

Static Readonly guardDutyConfig

Static Readonly guardDutyEksProtectionConfig

Static Readonly guardDutyExportFindingsConfig

Static Readonly guardDutyS3ProtectionConfig

Static Readonly iamPasswordPolicyConfig

Static Readonly keyConfig

Static Readonly keyManagementServiceConfig

Static Readonly logGroupsConfig

Static Readonly macieConfig

Static Readonly metricConfig

Static Readonly metricSetConfig

Static Readonly networkPerimeterConfig

Static Readonly remediationParametersConfigType

Static Readonly resourcePolicyConfig

Static Readonly resourcePolicyEnforcementConfig

Static Readonly resourcePolicyRemediationType

Static Readonly resourcePolicySetConfig

Static Readonly resourceTypeEnum

Static Readonly s3PublicAccessBlockConfig

Static Readonly scpRevertChangesConfig

Static Readonly securityConfig

Static Readonly securityHubConfig

Static Readonly securityHubLoggingCloudwatchConfig

Static Readonly securityHubLoggingConfig

Static Readonly securityHubStandardConfig

Static Readonly snsSubscriptionConfig

Static Readonly ssmAutomationConfig

Static Readonly triggeringResourceType

Settings

Member Visibility

Theme

`Static` `Readonly` accessAnalyzerConfig

`Static` `Readonly` alarmConfig

`Static` `Readonly` alarmSetConfig

`Static` `Readonly` auditManagerConfig

`Static` `Readonly` auditManagerDefaultReportsDestinationConfig

`Static` `Readonly` awsConfig

`Static` `Readonly` awsConfigAggregation

`Static` `Readonly` awsConfigRuleSet

`Static` `Readonly` centralSecurityServicesConfig

`Static` `Readonly` cloudWatchConfig

`Static` `Readonly` configRule

`Static` `Readonly` configRuleRemediationType

`Static` `Readonly` customRuleConfigType

`Static` `Readonly` customRuleLambdaType

`Static` `Readonly` detectiveConfig

`Static` `Readonly` documentConfig

`Static` `Readonly` documentSetConfig

`Static` `Readonly` ebsDefaultVolumeEncryptionConfig

`Static` `Readonly` encryptionConfig

`Static` `Readonly` guardDutyConfig

`Static` `Readonly` guardDutyEksProtectionConfig

`Static` `Readonly` guardDutyExportFindingsConfig

`Static` `Readonly` guardDutyS3ProtectionConfig

`Static` `Readonly` iamPasswordPolicyConfig

`Static` `Readonly` keyConfig

`Static` `Readonly` keyManagementServiceConfig

`Static` `Readonly` logGroupsConfig

`Static` `Readonly` macieConfig

`Static` `Readonly` metricConfig

`Static` `Readonly` metricSetConfig

`Static` `Readonly` networkPerimeterConfig

`Static` `Readonly` remediationParametersConfigType

`Static` `Readonly` resourcePolicyConfig

`Static` `Readonly` resourcePolicyEnforcementConfig

`Static` `Readonly` resourcePolicyRemediationType

`Static` `Readonly` resourcePolicySetConfig

`Static` `Readonly` resourceTypeEnum

`Static` `Readonly` s3PublicAccessBlockConfig

`Static` `Readonly` scpRevertChangesConfig

`Static` `Readonly` securityConfig

`Static` `Readonly` securityHubConfig

`Static` `Readonly` securityHubLoggingCloudwatchConfig

`Static` `Readonly` securityHubLoggingConfig

`Static` `Readonly` securityHubStandardConfig

`Static` `Readonly` snsSubscriptionConfig

`Static` `Readonly` ssmAutomationConfig

`Static` `Readonly` triggeringResourceType