AWS Fundamentals
L1 Construct: AWS::SecurityHub::SecurityControl

CfnSecurityControl

The `AWS::SecurityHub::SecurityControl` resource specifies custom parameter values for an AWS Security Hub CSPM control. For a list of controls that support custom parameters, see [Security Hub CSPM controls reference](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-controls-reference.html). You can also use this resource to specify the use of default parameter values for a control. For more information about custom parameters, see [Custom control parameters](https://docs.aws.amazon.com/securityhub/latest/userguide/custom-control-parameters.html) in the *AWS Security Hub CSPM User Guide*. Tags aren't supported for this resource.

Import

```typescript
import { CfnSecurityControl } from 'aws-cdk-lib/aws-securityhub';
```

Or use the module namespace:

```typescript
import * as securityhub from 'aws-cdk-lib/aws-securityhub';
// securityhub.CfnSecurityControl
```

Properties

Configuration passed to the constructor as `CfnSecurityControlProps`.

parameters (Required)
`IResolvable | { [key: string]: IResolvable | ParameterConfigurationProperty }`

An object that identifies the name of a control parameter, its current value, and whether it has been customized.

lastUpdateReason (Optional)
`string`

The most recent reason for updating the customizable properties of a security control. This differs from the `UpdateReason` field of the [`BatchUpdateStandardsControlAssociations`](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateStandardsControlAssociations.html) API, which tracks the reason for updating the enablement status of a control. This field accepts alphanumeric characters in addition to white spaces, dashes, and underscores.

securityControlArn (Optional)
`string`

The Amazon Resource Name (ARN) for a security control across standards, such as `arn:aws:securityhub:eu-central-1:123456789012:security-control/S3.1`. This parameter doesn't mention a specific standard.

securityControlId (Optional)
`string`

The unique identifier of a security control across standards. Values for this field typically consist of an AWS service name and a number, such as APIGateway.3.
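
A pre-synthesis check for the properties above, as an added example that is not code from the CDK or from this page. It mirrors the props in local types so it runs without `aws-cdk-lib`; `lintSecurityControlProps`, `ControlProps` and the sample parameter names are hypothetical, and the `CUSTOM`/`DEFAULT` value types with the rule that `CUSTOM` requires a value come from the Security Hub API reference rather than from this page.

```typescript
// Local mirror of the props on this page (assumption: declared here so the check
// runs without aws-cdk-lib; the same object can then go to CfnSecurityControl).
type ParamConfig = { valueType: 'CUSTOM' | 'DEFAULT'; value?: Record<string, unknown> };
interface ControlProps {
  parameters: Record<string, ParamConfig>;
  lastUpdateReason?: string;
  securityControlArn?: string;
  securityControlId?: string;
}

// Shape of the ARN example on this page; the capture group is the control ID.
const ARN_RE = /^arn:aws[a-z-]*:securityhub:[a-z0-9-]+:\d{12}:security-control\/([^/]+)$/;
// lastUpdateReason accepts alphanumerics, white space, dashes and underscores.
const REASON_RE = /^[A-Za-z0-9\s_-]+$/;

function lintSecurityControlProps(p: ControlProps): string[] {
  const errors: string[] = [];
  if (p.lastUpdateReason !== undefined && !REASON_RE.test(p.lastUpdateReason)) {
    errors.push('lastUpdateReason: character outside alphanumerics, white space, "-" and "_"');
  }
  if (p.securityControlArn !== undefined) {
    const m = ARN_RE.exec(p.securityControlArn);
    if (m === null) {
      errors.push('securityControlArn: not a security-control ARN');
    } else if (p.securityControlId !== undefined && m[1] !== p.securityControlId) {
      // Assumption of this check: when both identifiers are set, a mismatch is an error.
      errors.push(`securityControlArn names ${m[1]}, securityControlId names ${p.securityControlId}`);
    }
  }
  for (const [name, cfg] of Object.entries(p.parameters)) {
    const empty = cfg.value === undefined || Object.keys(cfg.value).length === 0;
    if (cfg.valueType === 'CUSTOM' && empty) errors.push(`parameters.${name}: CUSTOM needs a value`);
  }
  return errors;
}

// Constructed sample: placeholder parameter names, mismatched identifiers, bad reason text.
const sampleProps: ControlProps = {
  securityControlId: 'APIGateway.3',
  securityControlArn: 'arn:aws:securityhub:eu-central-1:123456789012:security-control/S3.1',
  lastUpdateReason: 'Relaxed per ticket #4821!',
  parameters: { exampleThreshold: { valueType: 'CUSTOM' }, exampleFlag: { valueType: 'DEFAULT' } },
};
console.log(lintSecurityControlProps(sampleProps));
```

Running the check in CI before `cdk synth` surfaces a control override whose identifiers disagree or whose reason text would be rejected, before the change reaches a deployment.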

CloudFormation Resource

This L1 construct maps directly to the following CloudFormation resource type.
