Class SecurityHubConfig

SecurityConfig / CentralSecurityServicesConfig / SecurityHubConfig

https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html | AWS Security Hub configuration Use this configuration to enable Amazon Security Hub for an AWS Organization along with it's auditing configuration.

Example

securityHub:
  enable: true
  regionAggregation: true
  excludeRegions: []
  standards:
    - name: AWS Foundational Security Best Practices v1.0.0
      deploymentTargets:
      organizationalUnits:
        -  Root
      enable: true
      controlsToDisable:
        # Refer to the document for the controls
        # https://docs.aws.amazon.com/securityhub/latest/userguide/fsbp-standard.html
        - Control1
        - Control2
  logging:
    cloudWatch:
      enable: true

Hierarchy

SecurityHubConfig

Implements

TypeOf<typeof securityHubConfig>

Index

Constructors

constructor

Properties

enable excludeRegions logging notificationLevel regionAggregation snsTopicName standards

Constructors

constructor

new SecurityHubConfig(): SecurityHubConfig
Returns SecurityHubConfig

Properties

`Readonly` enable

enable: false = false

Indicates whether AWS Security Hub enabled.

`Readonly` excludeRegions

excludeRegions: string[] = []

(OPTIONAL) List of AWS Region names to be excluded from configuring Security Hub

`Readonly` logging

logging: undefined | SecurityHubLoggingConfig = undefined

(OPTIONAL) Security Hub logs are sent to CloudWatch logs by default. This option can enable or disable the logging.

Remarks

By default, if nothing is given true is taken. In order to stop logging, set this parameter to false. Please note, this option can be toggled but log group with /${acceleratorPrefix}-SecurityHub will remain in the account for every enabled region and will need to be manually deleted. This is designed to ensure no accidental loss of data occurs.

`Readonly` notificationLevel

notificationLevel: undefined = undefined

(OPTIONAL) Security Hub notification level

Remarks

Note: Values accepted are CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL

Notifications will be sent for events at the Level provided and above Example, if you specify the HIGH level notifications will be sent for HIGH and CRITICAL

`Readonly` regionAggregation

regionAggregation: false = false

(OPTIONAL) Indicates whether Security Hub results are aggregated in the Home Region.

`Readonly` snsTopicName

snsTopicName: undefined = undefined

(OPTIONAL) SNS Topic for Security Hub notifications.

Remarks

Note: Topic must exist in the global config

`Readonly` standards

standards: SecurityHubStandardConfig[] = []

Security Hub standards configuration

Class SecurityHubConfig

Example

Hierarchy

Implements

Index

Constructors

Properties

Constructors

constructor

Returns SecurityHubConfig

Properties

`Readonly` enable

`Readonly` excludeRegions

`Readonly` logging

Remarks

`Readonly` notificationLevel

Remarks

`Readonly` regionAggregation

`Readonly` snsTopicName

Remarks

`Readonly` standards

Settings

Member Visibility

Theme

Class SecurityHubConfig

Example

Hierarchy

Implements

Index

Constructors

Properties

Constructors

constructor

Returns SecurityHubConfig

Properties

Readonly enable

Readonly excludeRegions

Readonly logging

Remarks

Readonly notificationLevel

Remarks

Readonly regionAggregation

Readonly snsTopicName

Remarks

Readonly standards

Settings

Member Visibility

Theme

`Readonly` enable

`Readonly` excludeRegions

`Readonly` logging

`Readonly` notificationLevel

`Readonly` regionAggregation

`Readonly` snsTopicName

`Readonly` standards