AWS Fundamentals Logo
AWS Fundamentals
AWS::SecurityHub::Standard

SecurityHub Standard

The AWS::SecurityHub::Standard resource specifies the enablement of a security standard. The standard is identified by the StandardsArn property. To view a list of ASH standards and their Amazon Resource Names (ARNs), use the [DescribeStandards](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DescribeStandards.html) API operation. You must create a separate AWS::SecurityHub::Standard resource for each standard that you want to enable. For more information about ASH ...

Properties

2 configurable properties. 1 required. Click a row to see details.

Filter:
PropertyTypeFlags
StandardsArn
string
RequiredCreate-only
DisabledStandardsControls
Array<StandardsControl>

Return Values

Values returned after the resource is created. Access these with Fn::GetAtt.

AttributeTypeDescription
StandardsSubscriptionArnstring-

Sample CloudFormation Template

A minimal template with required properties and common optional ones.

template.yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Sample template for AWS::SecurityHub::Standard

Resources:
  MyResource:
    Type: AWS::SecurityHub::Standard
    Properties:
      StandardsArn: "arn:aws:service:region:account:resource"

Required IAM Permissions

Permissions CloudFormation needs in your IAM role to manage this resource.

create

securityhub:GetEnabledStandardssecurityhub:BatchEnableStandardssecurityhub:UpdateStandardsControl

read

securityhub:GetEnabledStandardssecurityhub:DescribeStandardsControls

update

securityhub:GetEnabledStandardssecurityhub:UpdateStandardsControl

delete

securityhub:GetEnabledStandardssecurityhub:BatchDisableStandards

list

securityhub:GetEnabledStandards

Learn AWS the Practical Way

Our bi-weekly newsletter teaches hands-on AWS fundamentals. No certification fluff - just practical knowledge.

Subscribe to Newsletter

Quick Facts

ServiceSecurityHub
Properties3
Required1
TaggingNot supported
Primary IDStandardsSubscriptionArn

Supported Operations

CreateReadUpdateDeleteList

Immutable After Creation

These properties cannot be changed after the resource is created. Updating them triggers a replacement.

StandardsArn

Related Resources

External Links