AWS::SecurityHub::OrganizationConfiguration

SecurityHub OrganizationConfiguration

The AWS::SecurityHub::OrganizationConfiguration resource represents the configuration of your organization in Security Hub. Only the Security Hub administrator account can create Organization Configuration resource in each region and can opt-in to Central Configuration only in the aggregation region of FindingAggregator.

Properties

3 configurable properties. 1 required. Click a row to see details.

Filter:

Property	Type	Flags
`AutoEnable`	`boolean`	Required
`AutoEnableStandards`	`string`
`ConfigurationType`	`string`

Return Values

Values returned after the resource is created. Access these with Fn::GetAtt.

Attribute	Type	Description
`MemberAccountLimitReached`	`boolean`	Whether the maximum number of allowed member accounts are already associated with the Security Hub administrator account.
`OrganizationConfigurationIdentifier`	`string`	The identifier of the OrganizationConfiguration being created and assigned as the unique identifier.
`Status`	`string`	Describes whether central configuration could be enabled as the ConfigurationType for the organization.
`StatusMessage`	`string`	Provides an explanation if the value of Status is equal to FAILED when ConfigurationType is equal to CENTRAL.

Sample CloudFormation Template

A minimal template with required properties and common optional ones.

template.yaml

AWSTemplateFormatVersion: "2010-09-09"
Description: Sample template for AWS::SecurityHub::OrganizationConfiguration

Resources:
  MyResource:
    Type: AWS::SecurityHub::OrganizationConfiguration
    Properties:
      AutoEnable: true

Required IAM Permissions

Permissions CloudFormation needs in your IAM role to manage this resource.

create

securityhub:UpdateOrganizationConfigurationsecurityhub:DescribeOrganizationConfigurationorganizations:DescribeOrganization

read

securityhub:DescribeOrganizationConfiguration

update

securityhub:UpdateOrganizationConfigurationsecurityhub:DescribeOrganizationConfigurationorganizations:DescribeOrganization

delete

securityhub:UpdateOrganizationConfigurationsecurityhub:DescribeOrganizationConfigurationsecurityhub:ListFindingAggregatorsorganizations:DescribeOrganization

list

securityhub:DescribeOrganizationConfiguration

Learn AWS the Practical Way

Our bi-weekly newsletter teaches hands-on AWS fundamentals. No certification fluff - just practical knowledge.

Subscribe to Newsletter

Quick Facts

ServiceSecurityHub

Properties7

Required1

TaggingNot supported

Primary IDOrganizationConfigurationIdentifier

Supported Operations

CreateReadUpdateDeleteList

Related Resources

External Links

AWS Documentation