Enables Security Hub for this AWS account.
resource "aws_securityhub_account" "example" {}
enable_default_standards
- (Optional) Whether to enable the security standards that Security Hub has designated as automatically enabled including: AWS Foundational Security Best Practices v1.0.0
and CIS AWS Foundations Benchmark v1.2.0
. Defaults to true
.control_finding_generator
- (Optional) Updates whether the calling account has consolidated control findings turned on. If the value for this field is set to SECURITY_CONTROL
, Security Hub generates a single finding for a control check even when the check applies to multiple enabled standards. If the value for this field is set to STANDARD_CONTROL
, Security Hub generates separate findings for a control check when the check applies to multiple enabled standards. For accounts that are part of an organization, this value can only be updated in the administrator account.auto_enable_controls
- (Optional) Whether to automatically enable new controls when they are added to standards that are enabled. By default, this is set to true, and new controls are enabled automatically. To not automatically enable new controls, set this to false.This resource exports the following attributes in addition to the arguments above:
id
- AWS Account ID.arn
- ARN of the SecurityHub Hub created in the account.In Terraform v1.5.0 and later, use an import
block to import an existing Security Hub enabled account using the AWS account ID. For example:
import {
to = aws_securityhub_account.example
id = "123456789012"
}
Using terraform import
, import an existing Security Hub enabled account using the AWS account ID. For example:
% terraform import aws_securityhub_account.example 123456789012