Resource: aws_securityhub_configuration_policy_association

Manages Security Hub configuration policy associations.

Example Usage

resource "aws_securityhub_finding_aggregator" "example" {
  linking_mode = "ALL_REGIONS"
}

resource "aws_securityhub_organization_configuration" "example" {
  auto_enable           = false
  auto_enable_standards = "NONE"
  organization_configuration {
    configuration_type = "CENTRAL"
  }

  depends_on = [aws_securityhub_finding_aggregator.example]
}

resource "aws_securityhub_configuration_policy" "example" {
  name        = "Example"
  description = "This is an example configuration policy"

  configuration_policy {
    service_enabled = true
    enabled_standard_arns = [
      "arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0",
      "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0",
    ]
    security_controls_configuration {
      disabled_control_identifiers = []
    }
  }

  depends_on = [aws_securityhub_organization_configuration.example]
}

resource "aws_securityhub_configuration_policy_association" "account_example" {
  target_id = "123456789012"
  policy_id = aws_securityhub_configuration_policy.example.id
}

resource "aws_securityhub_configuration_policy_association" "root_example" {
  target_id = "r-abcd"
  policy_id = aws_securityhub_configuration_policy.example.id
}

resource "aws_securityhub_configuration_policy_association" "ou_example" {
  target_id = "ou-abcd-12345678"
  policy_id = aws_securityhub_configuration_policy.example.id
}
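
When the same policy is rolled out to many targets, the three associations above can be collapsed into one `for_each` resource with input validation. This is an added example, not part of the provider's own documentation; the variable name `securityhub_policy_targets`, the resource label `by_target`, and the sample IDs are constructed, and it assumes the `aws_securityhub_configuration_policy.example` resource shown above.

```hcl
# Added example: variable name, resource label and sample IDs are constructed.
variable "securityhub_policy_targets" {
  description = "Account IDs, OU IDs, or the organization root ID to associate with the policy."
  type        = set(string)
  default     = ["123456789012", "ou-abcd-12345678"]

  validation {
    # Reject anything that is not a 12-digit account ID, a root ID (r-...),
    # or an OU ID (ou-...-...) at plan time, before any Security Hub API call.
    condition = alltrue([
      for t in var.securityhub_policy_targets :
      can(regex("^([0-9]{12}|r-[0-9a-z]{4,32}|ou-[0-9a-z]{4,32}-[0-9a-z]{8,32})$", t))
    ])
    error_message = "Each target must be a 12-digit account ID, a root ID (r-xxxx), or an OU ID (ou-xxxx-xxxxxxxx)."
  }
}

# One association per target, keyed by the target ID itself.
resource "aws_securityhub_configuration_policy_association" "by_target" {
  for_each = var.securityhub_policy_targets

  target_id = each.value
  policy_id = aws_securityhub_configuration_policy.example.id
}
```

Because each instance is keyed by its target ID, removing an ID from the set destroys only that one association and leaves the others untouched.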

Argument Reference

This resource supports the following arguments:

Attribute Reference

This resource exports the following attributes in addition to the arguments above:

Timeouts

Configuration options:

Import

In Terraform v1.5.0 and later, use an import block to import an existing Security Hub configuration policy association using the target id. For example:

import {
  to = aws_securityhub_configuration_policy_association.example_account_association
  id = "123456789012"
}

Using terraform import, import an existing Security Hub configuration policy association using the target id. For example:

% terraform import aws_securityhub_configuration_policy_association.example_account_association 123456789012