AWS::SecurityHub::Hub

SecurityHub Hub

The AWS::SecurityHub::Hub resource represents the implementation of the AWS Security Hub service in your account. One hub resource is created for each Region in which you enable Security Hub.

Properties

4 configurable properties. Click a row to see details.

Filter:

Property	Type	Flags
`AutoEnableControls`	`boolean`
`ControlFindingGenerator`	`string`
`EnableDefaultStandards`	`boolean`	Write-only
`Tags`	`Tags`

Return Values

Values returned after the resource is created. Access these with Fn::GetAtt.

Attribute	Type	Description
`ARN`	`string`	An ARN is automatically created for the customer.
`SubscribedAt`	`string`	The date and time when Security Hub was enabled in the account.

Sample CloudFormation Template

A minimal template with required properties and common optional ones.

template.yaml

AWSTemplateFormatVersion: "2010-09-09"
Description: Sample template for AWS::SecurityHub::Hub

Resources:
  MyResource:
    Type: AWS::SecurityHub::Hub
    Properties:
      Tags:
        - Key: Environment
          Value: Production

Required IAM Permissions

Permissions CloudFormation needs in your IAM role to manage this resource.

create

securityhub:EnableSecurityHubsecurityhub:UpdateSecurityHubConfigurationsecurityhub:TagResourcesecurityhub:ListTagsForResource

read

securityhub:DescribeHubsecurityhub:ListTagsForResource

update

securityhub:DescribeHubsecurityhub:UpdateSecurityHubConfigurationsecurityhub:TagResourcesecurityhub:UntagResourcesecurityhub:ListTagsForResource

delete

securityhub:DisableSecurityHub

list

securityhub:DescribeHubsecurityhub:ListTagsForResource

Learn AWS the Practical Way

Our bi-weekly newsletter teaches hands-on AWS fundamentals. No certification fluff - just practical knowledge.

Subscribe to Newsletter

Quick Facts

ServiceSecurityHub

Properties6

Required0

TaggingSupported

Primary IDARN

Supported Operations

CreateReadUpdateDeleteList

Related Resources

External Links

AWS Documentation