SecurityConfig / CentralSecurityServicesConfig / SecurityHubConfig

AWS SecurityHub configuration

Example

securityHub:
  enable: true
  regionAggregation: true
  excludeRegions: []
  standards:
    - name: AWS Foundational Security Best Practices v1.0.0
      enable: true
      controlsToDisable:
        - IAM.1
        - EC2.10

Properties

enable: false = false

Indicates whether AWS SecurityHub is enabled.

excludeRegions: ("af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ap-southeast-3" | "ap-northeast-1" | "ap-northeast-2" | "ap-northeast-3" | "ca-central-1" | "eu-central-1" | "eu-west-1" | "eu-west-2" | "eu-west-3" | "eu-north-1" | "eu-south-1" | "eu-south-2" | "me-central-1" | "me-south-1" | "sa-east-1" | "us-east-1" | "us-east-2" | "us-west-1" | "us-west-2" | "cn-north-1" | "cn-northwest-1" | "eu-central-2" | "ap-south-2" | "us-gov-west-1" | "us-gov-east-1" | "us-iso-east-1" | "us-iso-west-1" | "us-isob-east-1" | "ap-southeast-4")[] = []

List of AWS Region names to exclude when configuring SecurityHub.

notificationLevel: undefined = undefined

SecurityHub notification level. Accepted values: CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL. Notifications are sent for events at the specified level and above. For example, if you specify HIGH, notifications are sent for HIGH and CRITICAL.

regionAggregation: false = false

Indicates whether SecurityHub results are aggregated in the Home Region

snsTopicName: undefined = undefined

SNS topic for Security Hub notifications. The topic must exist in the global config.

standards: SecurityHubStandardConfig[] = []

SecurityHub standards configuration
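
The following pre-deployment check is an added example, not code from the accelerator. It applies the two constraints stated above (accepted notificationLevel values, snsTopicName present in the global config) and lists the settings that reduce coverage for a reviewer. The function names, the SecurityHub and Standard interfaces, the globalTopics parameter and the sample topic names are assumptions made for illustration.

```typescript
// Added example, not accelerator code. Field names follow the properties documented above.
const LEVELS: string[] = ["INFORMATIONAL", "LOW", "MEDIUM", "HIGH", "CRITICAL"];

interface Standard { name: string; enable: boolean; controlsToDisable?: string[] }
interface SecurityHub {
  enable: boolean;
  regionAggregation?: boolean;
  excludeRegions?: string[];
  notificationLevel?: string;
  snsTopicName?: string;
  standards?: Standard[];
}

// Severities that notify: the configured level and everything above it.
function notifiedLevels(level: string): string[] {
  const i = LEVELS.indexOf(level);
  return i < 0 ? [] : LEVELS.slice(i);
}

// globalTopics: topic names already read from the global config (assumed input).
function lintSecurityHub(cfg: SecurityHub, globalTopics: string[]): { errors: string[]; review: string[] } {
  const errors: string[] = [];
  const review: string[] = [];
  if (!cfg.enable) return { errors, review: ["SecurityHub is not enabled"] };
  if (cfg.notificationLevel !== undefined && notifiedLevels(cfg.notificationLevel).length === 0)
    errors.push(`notificationLevel "${cfg.notificationLevel}" is not an accepted value`);
  if (cfg.snsTopicName !== undefined && globalTopics.indexOf(cfg.snsTopicName) < 0)
    errors.push(`snsTopicName "${cfg.snsTopicName}" is not defined in the global config`);
  if (!cfg.regionAggregation) review.push("findings are not aggregated in the Home Region");
  for (const r of cfg.excludeRegions ?? []) review.push(`SecurityHub is not configured in ${r}`);
  for (const s of cfg.standards ?? []) {
    if (!s.enable) review.push(`standard "${s.name}" is listed but not enabled`);
    else if (s.controlsToDisable?.length) review.push(`${s.name}: disabled ${s.controlsToDisable.join(", ")}`);
  }
  return { errors, review };
}

// Constructed sample: the page's example plus notification settings and one excluded region.
const sample: SecurityHub = {
  enable: true, regionAggregation: true, excludeRegions: ["ap-east-1"],
  notificationLevel: "HIGH", snsTopicName: "SecurityHigh",
  standards: [{ name: "AWS Foundational Security Best Practices v1.0.0", enable: true,
                controlsToDisable: ["IAM.1", "EC2.10"] }],
};
// The constructed global config only defines a topic named "Security", so one error is reported.
const result = lintSecurityHub(sample, ["Security"]);
console.log(notifiedLevels("HIGH"), result);
```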
