Resource: aws_securityhub_automation_rule

Terraform resource for managing an AWS Security Hub Automation Rule.

Example Usage

Basic Usage

resource "aws_securityhub_automation_rule" "example" {
  description = "Elevate finding severity to CRITICAL when specific resources such as an S3 bucket is at risk"
  rule_name   = "Elevate severity of findings that relate to important resources"
  rule_order  = 1

  actions {
    finding_fields_update {
      severity {
        label   = "CRITICAL"
        product = "0.0"
      }
      note {
        text       = "This is a critical resource. Please review ASAP."
        updated_by = "sechub-automation"
      }

      types = ["Software and Configuration Checks/Industry and Regulatory Standards"]

      user_defined_fields = {
        key = "value"
      }
    }
    type = "FINDING_FIELDS_UPDATE"
  }

  criteria {
    resource_id {
      comparison = "EQUALS"
      value      = "arn:aws:s3:::examplebucket/*"
    }
  }
}

Argument Reference

This resource supports the following arguments:

actions

The actions configuration block supports the following attributes:

criteria

The criteria configuration block supports the following attributes:

String Filter Argument reference

The string filter configuration block supports the following arguments:

Number Filter Argument reference

The number filter configuration block supports the following arguments:

Map Filter Argument reference

The map filter configuration block supports the following arguments:

Date Filter Argument reference

The date filter configuration block supports the following arguments:

date_range Argument reference

The date_range configuration block supports the following arguments:

Finding Fields Update Argument reference

The finding_fields_update configuration block supports the following arguments:

Note Argument reference

The note configuration block supports the following arguments:

The related_findings configuration block supports the following arguments:

Severity argument reference

The severity configuration block supports the following arguments:

Workflow argument reference

The workflow configuration block supports the following arguments:

Attribute Reference

This resource exports the following attributes in addition to the arguments above:

Import

In Terraform v1.5.0 and later, use an import block to import Security Hub Automation Rule using their ARN. For example:

import {
  to = aws_securityhub_automation_rule.example
  id = "arn:aws:securityhub:us-west-2:123456789012:automation-rule/473eddde-f5c4-4ae5-85c7-e922f271fffc"
}

Using terraform import, import Security Hub automation rule using their ARN. For example:

% terraform import aws_securityhub_automation_rule.example arn:aws:securityhub:us-west-2:123456789012:automation-rule/473eddde-f5c4-4ae5-85c7-e922f271fffc