Resource: aws_securityhub_finding_aggregator

Manages a Security Hub finding aggregator. Security Hub needs to be enabled in a region in order for the aggregator to pull through findings.

Example Usage

All Regions Usage

The following example will enable the aggregator for every region.

resource "aws_securityhub_account" "example" {}

resource "aws_securityhub_finding_aggregator" "example" {
  linking_mode = "ALL_REGIONS"

  depends_on = [aws_securityhub_account.example]
}

All Regions Except Specified Regions Usage

The following example will enable the aggregator for every region except those specified in specified_regions.

resource "aws_securityhub_account" "example" {}

resource "aws_securityhub_finding_aggregator" "example" {
  linking_mode      = "ALL_REGIONS_EXCEPT_SPECIFIED"
  specified_regions = ["eu-west-1", "eu-west-2"]

  depends_on = [aws_securityhub_account.example]
}

Specified Regions Usage

The following example will enable the aggregator for every region specified in specified_regions.

resource "aws_securityhub_account" "example" {}

resource "aws_securityhub_finding_aggregator" "example" {
  linking_mode      = "SPECIFIED_REGIONS"
  specified_regions = ["eu-west-1", "eu-west-2"]

  depends_on = [aws_securityhub_account.example]
}

Argument Reference

This resource supports the following arguments:

Attribute Reference

This resource exports the following attributes in addition to the arguments above:

Import

In Terraform v1.5.0 and later, use an import block to import an existing Security Hub finding aggregator using the arn. For example:

import {
  to = aws_securityhub_finding_aggregator.example
  id = "arn:aws:securityhub:eu-west-1:123456789098:finding-aggregator/abcd1234-abcd-1234-1234-abcdef123456"
}

Using terraform import, import an existing Security Hub finding aggregator using the arn. For example:

% terraform import aws_securityhub_finding_aggregator.example arn:aws:securityhub:eu-west-1:123456789098:finding-aggregator/abcd1234-abcd-1234-1234-abcdef123456