Resource: aws_securityhub_organization_configuration

Manages the Security Hub Organization Configuration.

Example Usage

Local Configuration

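# Allow Security Hub to integrate with AWS Organizations.
resource "aws_organizations_organization" "example" {
  aws_service_access_principals = ["securityhub.amazonaws.com"]
  feature_set                   = "ALL"
}

# Designate the Security Hub administrator account for the organization.
resource "aws_securityhub_organization_admin_account" "example" {
  depends_on = [aws_organizations_organization.example]

  admin_account_id = "123456789012" # placeholder account ID
}

# Automatically enable Security Hub for new accounts in the organization.
resource "aws_securityhub_organization_configuration" "example" {
  auto_enable = true
}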

Central Configuration

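# Referenced by depends_on below; same definition as in the Local Configuration example.
resource "aws_organizations_organization" "example" {
  aws_service_access_principals = ["securityhub.amazonaws.com"]
  feature_set                   = "ALL"
}

resource "aws_securityhub_organization_admin_account" "example" {
  depends_on = [aws_organizations_organization.example]

  admin_account_id = "123456789012" # placeholder account ID
}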

resource "aws_securityhub_finding_aggregator" "example" {
  linking_mode = "ALL_REGIONS"

  depends_on = [aws_securityhub_organization_admin_account.example]
}

# With configuration_type = "CENTRAL", auto_enable is false and
# auto_enable_standards is "NONE".
resource "aws_securityhub_organization_configuration" "example" {
  auto_enable           = false
  auto_enable_standards = "NONE"
  organization_configuration {
    configuration_type = "CENTRAL"
  }

  depends_on = [aws_securityhub_finding_aggregator.example]
}
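
The Central Configuration example pairs configuration_type = "CENTRAL" with auto_enable = false and auto_enable_standards = "NONE". The following is an added example, not part of the provider documentation: a CI check over the JSON plan produced by terraform show -json that reports any planned CENTRAL configuration departing from that pairing. The function name check_plan and the sample plan (with resources named good, bad and local) are constructed for illustration.

```python
import json

RESOURCE_TYPE = "aws_securityhub_organization_configuration"

# Constructed sample in the shape of `terraform show -json <planfile>`;
# the resource names "good", "bad" and "local" are hypothetical.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "aws_securityhub_organization_configuration.good",
   "type": "aws_securityhub_organization_configuration",
   "change": {"actions": ["create"], "after": {
     "auto_enable": false, "auto_enable_standards": "NONE",
     "organization_configuration": [{"configuration_type": "CENTRAL"}]}}},
  {"address": "aws_securityhub_organization_configuration.bad",
   "type": "aws_securityhub_organization_configuration",
   "change": {"actions": ["update"], "after": {
     "auto_enable": true, "auto_enable_standards": "DEFAULT",
     "organization_configuration": [{"configuration_type": "CENTRAL"}]}}},
  {"address": "aws_securityhub_organization_configuration.local",
   "type": "aws_securityhub_organization_configuration",
   "change": {"actions": ["create"], "after": {"auto_enable": true}}}
]}
""")


def check_plan(plan):
    """List planned CENTRAL configurations that differ from the example's
    auto_enable = false / auto_enable_standards = "NONE" pairing."""
    problems = []
    for rc in plan.get("resource_changes", []):
        after = (rc.get("change") or {}).get("after")
        if rc.get("type") != RESOURCE_TYPE or after is None:
            continue  # other resource types, or a destroy (no planned state)
        # Nested blocks are rendered as a list of objects in plan JSON.
        blocks = after.get("organization_configuration") or []
        if not blocks or blocks[0].get("configuration_type") != "CENTRAL":
            continue  # local configuration: auto_enable is a free choice
        if after.get("auto_enable") is not False:
            problems.append((rc["address"], "auto_enable"))
        if after.get("auto_enable_standards") != "NONE":
            problems.append((rc["address"], "auto_enable_standards"))
    return problems


if __name__ == "__main__":
    for address, argument in check_plan(SAMPLE_PLAN):
        print(f"{address}: {argument} does not match the central configuration example")
```
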

Argument Reference

This resource supports the following arguments:

organization_configuration supports the following:

Attribute Reference

This resource exports the following attributes in addition to the arguments above:

Timeouts

Configuration options:

Import

In Terraform v1.5.0 and later, use an import block to import an existing Security Hub enabled account using the AWS account ID. For example:

import {
  to = aws_securityhub_organization_configuration.example
  id = "123456789012"
}

Using terraform import, import an existing Security Hub enabled account using the AWS account ID. For example:

% terraform import aws_securityhub_organization_configuration.example 123456789012