AWS Security Hub Standards Control
This page shows how to write Terraform for Security Hub Standards Control and write them securely.
The Standards Control in Security Hub can be configured in Terraform with the resource name
aws_securityhub_standards_control. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
An example could not be found in GitHub.
The following arguments are supported:
standards_control_arn- (Required) The standards control ARN.
control_status– (Required) The control status could be
DISABLED. You have to specify
disabled_reason– (Optional) A description of the reason why you are disabling a security standard control. If you specify this attribute,
control_statuswill be set to
In addition to all arguments above, the following attributes are exported:
id- The standard control ARN.
control_id– The identifier of the security standard control.
control_status_updated_at– The date and time that the status of the security standard control was most recently updated.
description– The standard control longer description. Provides information about what the control is checking for.
related_requirements– The list of requirements that are related to this control.
remediation_url– A link to remediation information for the control in the Security Hub user documentation.
severity_rating– The severity of findings generated from this security standard control.
title– The standard control title.
Explanation in Terraform Registry
Disable/enable Security Hub standards control in the current region. The
aws_securityhub_standards_controlbehaves differently from normal resources, in that Terraform does not create this resource, but instead "adopts" it into management. When you delete this resource configuration, Terraform "abandons" resource as is and just removes it from the state.
CloudFormation code does not have the related resource.