AWS::SecurityHub::PolicyAssociation

The AWS::SecurityHub::PolicyAssociation resource represents the AWS Security Hub Central Configuration Policy associations in your Target. Only the AWS Security Hub delegated administrator can create the resource from the home region.

3 configurable properties. 3 required.
| Property | Type | Flags |
|---|---|---|
| ConfigurationPolicyId | string | Required |
| TargetId | string | Required, Create-only |
| TargetType | string | Required, Create-only |

Values returned after the resource is created. Access these with Fn::GetAtt.
| Attribute | Type | Description |
|---|---|---|
| AssociationIdentifier | string | A unique identifier that indicates whether the target has an association |
| AssociationStatus | string | The current status of the association between the specified target and the configuration |
| AssociationStatusMessage | string | An explanation for a FAILED value for AssociationStatus |
| AssociationType | string | Indicates whether the association between the specified target and the configuration was directly applied by the Security Hub delegated administrator or inherited from a parent |
| UpdatedAt | string | The date and time, in UTC and ISO 8601 format, that the configuration policy association was last updated |

A minimal template with required properties and common optional ones.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Sample template for AWS::SecurityHub::PolicyAssociation
Resources:
  MyResource:
    Type: AWS::SecurityHub::PolicyAssociation
    Properties:
      TargetId: "my-targetid"
      TargetType: "ACCOUNT"
      ConfigurationPolicyId: "my-configurationpolicyid"
```

Permissions CloudFormation needs in your IAM role to manage this resource.

- securityhub:StartConfigurationPolicyAssociation
- securityhub:GetConfigurationPolicyAssociation
- securityhub:StartConfigurationPolicyDisassociation
- securityhub:ListConfigurationPolicyAssociations

AssociationIdentifier

These properties cannot be changed after the resource is created. Updating them triggers a replacement.

- TargetId
- TargetType
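
A pre-deployment check for the required and create-only properties listed above: it validates a resource's Properties and reports whether a proposed change is an in-place update or a replacement. This is an added example, not code from this page or from AWS. The function names, the sample ids and the TargetId format patterns are assumptions; the patterns follow AWS Organizations ID conventions.

```python
import re

# Property flags as listed in the property table on this page.
REQUIRED = ("ConfigurationPolicyId", "TargetId", "TargetType")
CREATE_ONLY = ("TargetId", "TargetType")

# Assumption (not from this page): TargetId format per TargetType, following
# AWS Organizations conventions (12-digit account id, ou-..., r-...).
TARGET_ID_FORMAT = {
    "ACCOUNT": re.compile(r"\d{12}"),
    "ORGANIZATIONAL_UNIT": re.compile(r"ou-[0-9a-z]{4,32}-[0-9a-z]{8,32}"),
    "ROOT": re.compile(r"r-[0-9a-z]{4,32}"),
}

# Constructed sample: Properties of an already deployed association (placeholder ids).
DEPLOYED = {"ConfigurationPolicyId": "policy-a", "TargetId": "111122223333", "TargetType": "ACCOUNT"}


def validate(props):
    """Return a list of problems found in one resource's Properties."""
    problems = [f"missing required property {name}" for name in REQUIRED if name not in props]
    target_type = props.get("TargetType")
    if target_type is not None:
        pattern = TARGET_ID_FORMAT.get(target_type)
        if pattern is None:
            problems.append(f"unknown TargetType {target_type!r}")
        elif "TargetId" in props and not pattern.fullmatch(str(props["TargetId"])):
            problems.append(f"TargetId {props['TargetId']!r} does not match the {target_type} id format")
    return problems


def classify_update(old, new):
    """Return ('none' | 'in-place' | 'replacement', names of the properties responsible)."""
    changed = {k for k in set(old) | set(new) if old.get(k) != new.get(k)}
    if not changed:
        return "none", []
    replaced = sorted(changed.intersection(CREATE_ONLY))
    if replaced:
        return "replacement", replaced  # any create-only change replaces the resource
    return "in-place", sorted(changed)


if __name__ == "__main__":
    proposed = {**DEPLOYED, "TargetId": "ou-ab12-cdefgh34", "TargetType": "ORGANIZATIONAL_UNIT"}
    print(validate(proposed), classify_update(DEPLOYED, proposed))
```
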