AWS Security Hub Standards Control

This page shows how to write Terraform for Security Hub Standards Control and write them securely.

aws_securityhub_standards_control (Terraform)

The Standards Control in Security Hub can be configured in Terraform with the resource name aws_securityhub_standards_control. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

An example could not be found in GitHub.

Review your Terraform file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).


The following arguments are supported:

  • standards_control_arn - (Required) The standards control ARN.
  • control_status – (Required) The control status could be ENABLED or DISABLED. You have to specify disabled_reason argument for DISABLED control status.
  • disabled_reason – (Optional) A description of the reason why you are disabling a security standard control. If you specify this attribute, control_status will be set to DISABLED automatically.

In addition to all arguments above, the following attributes are exported:

  • id - The standard control ARN.
  • control_id – The identifier of the security standard control.
  • control_status_updated_at – The date and time that the status of the security standard control was most recently updated.
  • description – The standard control longer description. Provides information about what the control is checking for.
  • related_requirements – The list of requirements that are related to this control.
  • remediation_url – A link to remediation information for the control in the Security Hub user documentation.
  • severity_rating – The severity of findings generated from this security standard control.
  • title – The standard control title.

Explanation in Terraform Registry

Disable/enable Security Hub standards control in the current region. The aws_securityhub_standards_control behaves differently from normal resources, in that Terraform does not create this resource, but instead "adopts" it into management. When you delete this resource configuration, Terraform "abandons" resource as is and just removes it from the state.

CloudFormation Example

CloudFormation code does not have the related resource.

Frequently asked questions

What is AWS Security Hub Standards Control?

AWS Security Hub Standards Control is a resource for Security Hub of Amazon Web Service. Settings can be wrote in Terraform.


Automate config file reviews on your commits

Fix issues in your infrastructure as code with auto-generated patches.