aws-cdk-lib.aws_securityhub.CfnHubProps

interface CfnHubProps

LanguageType name
.NETAmazon.CDK.AWS.SecurityHub.CfnHubProps
Gogithub.com/aws/aws-cdk-go/awscdk/v2/awssecurityhub#CfnHubProps
Javasoftware.amazon.awscdk.services.securityhub.CfnHubProps
Pythonaws_cdk.aws_securityhub.CfnHubProps
TypeScript aws-cdk-lib » aws_securityhub » CfnHubProps

Properties for defining a CfnHub.

Example

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import { aws_securityhub as securityhub } from 'aws-cdk-lib';

declare const tags: any;
const cfnHubProps: securityhub.CfnHubProps = {
  autoEnableControls: false,
  controlFindingGenerator: 'controlFindingGenerator',
  enableDefaultStandards: false,
  tags: tags,
};

Properties

NameTypeDescription
autoEnableControls?boolean | IResolvableWhether to automatically enable new controls when they are added to standards that are enabled.
controlFindingGenerator?stringSpecifies whether an account has consolidated control findings turned on or off.
enableDefaultStandards?boolean | IResolvableWhether to enable the security standards that Security Hub has designated as automatically enabled.
tags?anyAn array of key-value pairs to apply to this resource.

autoEnableControls?

Type: boolean | IResolvable (optional)

Whether to automatically enable new controls when they are added to standards that are enabled.

By default, this is set to true , and new controls are enabled automatically. To not automatically enable new controls, set this to false .


controlFindingGenerator?

Type: string (optional)

Specifies whether an account has consolidated control findings turned on or off.

If the value for this field is set to SECURITY_CONTROL , Security Hub generates a single finding for a control check even when the check applies to multiple enabled standards.

If the value for this field is set to STANDARD_CONTROL , Security Hub generates separate findings for a control check when the check applies to multiple enabled standards.

The value for this field in a member account matches the value in the administrator account. For accounts that aren't part of an organization, the default value of this field is SECURITY_CONTROL if you enabled Security Hub on or after February 23, 2023.


enableDefaultStandards?

Type: boolean | IResolvable (optional)

Whether to enable the security standards that Security Hub has designated as automatically enabled.

If you don't provide a value for EnableDefaultStandards , it is set to true , and the designated standards are automatically enabled in each AWS Region where you enable Security Hub . If you don't want to enable the designated standards, set EnableDefaultStandards to false .

Currently, the automatically enabled standards are the Center for Internet Security (CIS) AWS Foundations Benchmark v1.2.0 and AWS Foundational Security Best Practices (FSBP).


tags?

Type: any (optional)

An array of key-value pairs to apply to this resource.

For more information, see Tag .