CfnConfigurationPolicyPropsMixin
- class aws_cdk.mixins_preview.aws_securityhub.mixins.CfnConfigurationPolicyPropsMixin(props, *, strategy=None)
Bases:
MixinThe
AWS::SecurityHub::ConfigurationPolicyresource creates a central configuration policy with the defined settings.Only the AWS Security Hub CSPM delegated administrator can create this resource in the home Region. For more information, see Central configuration in Security Hub CSPM in the AWS Security Hub CSPM User Guide .
- See:
- CloudformationResource:
AWS::SecurityHub::ConfigurationPolicy
- Mixin:
true
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk.mixins_preview import mixins from aws_cdk.mixins_preview.aws_securityhub import mixins as securityhub_mixins cfn_configuration_policy_props_mixin = securityhub_mixins.CfnConfigurationPolicyPropsMixin(securityhub_mixins.CfnConfigurationPolicyMixinProps( configuration_policy=securityhub_mixins.CfnConfigurationPolicyPropsMixin.PolicyProperty( security_hub=securityhub_mixins.CfnConfigurationPolicyPropsMixin.SecurityHubPolicyProperty( enabled_standard_identifiers=["enabledStandardIdentifiers"], security_controls_configuration=securityhub_mixins.CfnConfigurationPolicyPropsMixin.SecurityControlsConfigurationProperty( disabled_security_control_identifiers=["disabledSecurityControlIdentifiers"], enabled_security_control_identifiers=["enabledSecurityControlIdentifiers"], security_control_custom_parameters=[securityhub_mixins.CfnConfigurationPolicyPropsMixin.SecurityControlCustomParameterProperty( parameters={ "parameters_key": securityhub_mixins.CfnConfigurationPolicyPropsMixin.ParameterConfigurationProperty( value=securityhub_mixins.CfnConfigurationPolicyPropsMixin.ParameterValueProperty( boolean=False, double=123, enum="enum", enum_list=["enumList"], integer=123, integer_list=[123], string="string", string_list=["stringList"] ), value_type="valueType" ) }, security_control_id="securityControlId" )] ), service_enabled=False ) ), description="description", name="name", tags={ "tags_key": "tags" } ), strategy=mixins.PropertyMergeStrategy.OVERRIDE )
Create a mixin to apply properties to
AWS::SecurityHub::ConfigurationPolicy.- Parameters:
props (
Union[CfnConfigurationPolicyMixinProps,Dict[str,Any]]) – L1 properties to apply.strategy (
Optional[PropertyMergeStrategy]) – (experimental) Strategy for merging nested properties. Default: - PropertyMergeStrategy.MERGE
Methods
- apply_to(construct)
Apply the mixin properties to the construct.
- Parameters:
construct (
IConstruct)- Return type:
None
- supports(construct)
Check if this mixin supports the given construct.
- Parameters:
construct (
IConstruct)- Return type:
bool
Attributes
- CFN_PROPERTY_KEYS = ['configurationPolicy', 'description', 'name', 'tags']
Static Methods
- classmethod is_mixin(x)
(experimental) Checks if
xis a Mixin.- Parameters:
x (
Any) – Any object.- Return type:
bool- Returns:
true if
xis an object created from a class which extendsMixin.- Stability:
experimental
ParameterConfigurationProperty
- class CfnConfigurationPolicyPropsMixin.ParameterConfigurationProperty(*, value=None, value_type=None)
Bases:
objectAn object that provides the current value of a security control parameter and identifies whether it has been customized.
- Parameters:
value (
Union[IResolvable,ParameterValueProperty,Dict[str,Any],None]) – The current value of a control parameter.value_type (
Optional[str]) – Identifies whether a control parameter uses a custom user-defined value or subscribes to the default AWS Security Hub CSPM behavior. WhenValueTypeis set equal toDEFAULT, the default behavior can be a specific Security Hub CSPM default value, or the default behavior can be to ignore a specific parameter. WhenValueTypeis set equal toDEFAULT, Security Hub CSPM ignores user-provided input for theValuefield. WhenValueTypeis set equal toCUSTOM, theValuefield can’t be empty.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk.mixins_preview.aws_securityhub import mixins as securityhub_mixins parameter_configuration_property = securityhub_mixins.CfnConfigurationPolicyPropsMixin.ParameterConfigurationProperty( value=securityhub_mixins.CfnConfigurationPolicyPropsMixin.ParameterValueProperty( boolean=False, double=123, enum="enum", enum_list=["enumList"], integer=123, integer_list=[123], string="string", string_list=["stringList"] ), value_type="valueType" )
Attributes
- value
The current value of a control parameter.
- value_type
Identifies whether a control parameter uses a custom user-defined value or subscribes to the default AWS Security Hub CSPM behavior.
When
ValueTypeis set equal toDEFAULT, the default behavior can be a specific Security Hub CSPM default value, or the default behavior can be to ignore a specific parameter. WhenValueTypeis set equal toDEFAULT, Security Hub CSPM ignores user-provided input for theValuefield.When
ValueTypeis set equal toCUSTOM, theValuefield can’t be empty.
ParameterValueProperty
- class CfnConfigurationPolicyPropsMixin.ParameterValueProperty(*, boolean=None, double=None, enum=None, enum_list=None, integer=None, integer_list=None, string=None, string_list=None)
Bases:
objectAn object that includes the data type of a security control parameter and its current value.
- Parameters:
boolean (
Union[bool,IResolvable,None]) – A control parameter that is a boolean.double (
Union[int,float,None]) – A control parameter that is a double.enum (
Optional[str]) – A control parameter that is an enum.enum_list (
Optional[Sequence[str]]) – A control parameter that is a list of enums.integer (
Union[int,float,None]) – A control parameter that is an integer.integer_list (
Union[Sequence[Union[int,float]],IResolvable,None]) – A control parameter that is a list of integers.string (
Optional[str]) – A control parameter that is a string.string_list (
Optional[Sequence[str]]) – A control parameter that is a list of strings.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk.mixins_preview.aws_securityhub import mixins as securityhub_mixins parameter_value_property = securityhub_mixins.CfnConfigurationPolicyPropsMixin.ParameterValueProperty( boolean=False, double=123, enum="enum", enum_list=["enumList"], integer=123, integer_list=[123], string="string", string_list=["stringList"] )
Attributes
- boolean
A control parameter that is a boolean.
- double
A control parameter that is a double.
- enum
A control parameter that is an enum.
- enum_list
A control parameter that is a list of enums.
- integer
A control parameter that is an integer.
- integer_list
A control parameter that is a list of integers.
- string
A control parameter that is a string.
- string_list
A control parameter that is a list of strings.
PolicyProperty
- class CfnConfigurationPolicyPropsMixin.PolicyProperty(*, security_hub=None)
Bases:
objectAn object that defines how AWS Security Hub CSPM is configured.
It includes whether Security Hub CSPM is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If you provide a list of security controls that are enabled in the configuration policy, Security Hub CSPM disables all other controls (including newly released controls). If you provide a list of security controls that are disabled in the configuration policy, Security Hub CSPM enables all other controls (including newly released controls).
- Parameters:
security_hub (
Union[IResolvable,SecurityHubPolicyProperty,Dict[str,Any],None]) – The AWS service that the configuration policy applies to.- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk.mixins_preview.aws_securityhub import mixins as securityhub_mixins policy_property = securityhub_mixins.CfnConfigurationPolicyPropsMixin.PolicyProperty( security_hub=securityhub_mixins.CfnConfigurationPolicyPropsMixin.SecurityHubPolicyProperty( enabled_standard_identifiers=["enabledStandardIdentifiers"], security_controls_configuration=securityhub_mixins.CfnConfigurationPolicyPropsMixin.SecurityControlsConfigurationProperty( disabled_security_control_identifiers=["disabledSecurityControlIdentifiers"], enabled_security_control_identifiers=["enabledSecurityControlIdentifiers"], security_control_custom_parameters=[securityhub_mixins.CfnConfigurationPolicyPropsMixin.SecurityControlCustomParameterProperty( parameters={ "parameters_key": securityhub_mixins.CfnConfigurationPolicyPropsMixin.ParameterConfigurationProperty( value=securityhub_mixins.CfnConfigurationPolicyPropsMixin.ParameterValueProperty( boolean=False, double=123, enum="enum", enum_list=["enumList"], integer=123, integer_list=[123], string="string", string_list=["stringList"] ), value_type="valueType" ) }, security_control_id="securityControlId" )] ), service_enabled=False ) )
Attributes
- security_hub
The AWS service that the configuration policy applies to.
SecurityControlCustomParameterProperty
- class CfnConfigurationPolicyPropsMixin.SecurityControlCustomParameterProperty(*, parameters=None, security_control_id=None)
Bases:
objectA list of security controls and control parameter values that are included in a configuration policy.
- Parameters:
parameters (
Union[IResolvable,Mapping[str,Union[IResolvable,ParameterConfigurationProperty,Dict[str,Any]]],None]) – An object that specifies parameter values for a control in a configuration policy.security_control_id (
Optional[str]) – The ID of the security control.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk.mixins_preview.aws_securityhub import mixins as securityhub_mixins security_control_custom_parameter_property = securityhub_mixins.CfnConfigurationPolicyPropsMixin.SecurityControlCustomParameterProperty( parameters={ "parameters_key": securityhub_mixins.CfnConfigurationPolicyPropsMixin.ParameterConfigurationProperty( value=securityhub_mixins.CfnConfigurationPolicyPropsMixin.ParameterValueProperty( boolean=False, double=123, enum="enum", enum_list=["enumList"], integer=123, integer_list=[123], string="string", string_list=["stringList"] ), value_type="valueType" ) }, security_control_id="securityControlId" )
Attributes
- parameters
An object that specifies parameter values for a control in a configuration policy.
SecurityControlsConfigurationProperty
- class CfnConfigurationPolicyPropsMixin.SecurityControlsConfigurationProperty(*, disabled_security_control_identifiers=None, enabled_security_control_identifiers=None, security_control_custom_parameters=None)
Bases:
objectAn object that defines which security controls are enabled in an AWS Security Hub CSPM configuration policy.
The enablement status of a control is aligned across all of the enabled standards in an account.
This property is required only if
ServiceEnabledis set totruein your configuration policy.- Parameters:
disabled_security_control_identifiers (
Optional[Sequence[str]]) – A list of security controls that are disabled in the configuration policy. Provide only one ofEnabledSecurityControlIdentifiersorDisabledSecurityControlIdentifiers. If you provideDisabledSecurityControlIdentifiers, Security Hub CSPM enables all other controls not in the list, and enables AutoEnableControls .enabled_security_control_identifiers (
Optional[Sequence[str]]) –A list of security controls that are enabled in the configuration policy. Provide only one of
EnabledSecurityControlIdentifiersorDisabledSecurityControlIdentifiers. If you provideEnabledSecurityControlIdentifiers, Security Hub CSPM disables all other controls not in the list, and disables AutoEnableControls .security_control_custom_parameters (
Union[IResolvable,Sequence[Union[IResolvable,SecurityControlCustomParameterProperty,Dict[str,Any]]],None]) – A list of security controls and control parameter values that are included in a configuration policy.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk.mixins_preview.aws_securityhub import mixins as securityhub_mixins security_controls_configuration_property = securityhub_mixins.CfnConfigurationPolicyPropsMixin.SecurityControlsConfigurationProperty( disabled_security_control_identifiers=["disabledSecurityControlIdentifiers"], enabled_security_control_identifiers=["enabledSecurityControlIdentifiers"], security_control_custom_parameters=[securityhub_mixins.CfnConfigurationPolicyPropsMixin.SecurityControlCustomParameterProperty( parameters={ "parameters_key": securityhub_mixins.CfnConfigurationPolicyPropsMixin.ParameterConfigurationProperty( value=securityhub_mixins.CfnConfigurationPolicyPropsMixin.ParameterValueProperty( boolean=False, double=123, enum="enum", enum_list=["enumList"], integer=123, integer_list=[123], string="string", string_list=["stringList"] ), value_type="valueType" ) }, security_control_id="securityControlId" )] )
Attributes
- disabled_security_control_identifiers
A list of security controls that are disabled in the configuration policy.
Provide only one of
EnabledSecurityControlIdentifiersorDisabledSecurityControlIdentifiers.If you provide
DisabledSecurityControlIdentifiers, Security Hub CSPM enables all other controls not in the list, and enables AutoEnableControls .
- enabled_security_control_identifiers
A list of security controls that are enabled in the configuration policy.
Provide only one of
EnabledSecurityControlIdentifiersorDisabledSecurityControlIdentifiers.If you provide
EnabledSecurityControlIdentifiers, Security Hub CSPM disables all other controls not in the list, and disables AutoEnableControls .
- security_control_custom_parameters
A list of security controls and control parameter values that are included in a configuration policy.
SecurityHubPolicyProperty
- class CfnConfigurationPolicyPropsMixin.SecurityHubPolicyProperty(*, enabled_standard_identifiers=None, security_controls_configuration=None, service_enabled=None)
Bases:
objectAn object that defines how AWS Security Hub CSPM is configured.
The configuration policy includes whether Security Hub CSPM is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If you provide a list of security controls that are enabled in the configuration policy, Security Hub CSPM disables all other controls (including newly released controls). If you provide a list of security controls that are disabled in the configuration policy, Security Hub CSPM enables all other controls (including newly released controls).
- Parameters:
enabled_standard_identifiers (
Optional[Sequence[str]]) – A list that defines which security standards are enabled in the configuration policy. This property is required only ifServiceEnabledis set totruein your configuration policy.security_controls_configuration (
Union[IResolvable,SecurityControlsConfigurationProperty,Dict[str,Any],None]) – An object that defines which security controls are enabled in the configuration policy. The enablement status of a control is aligned across all of the enabled standards in an account. This property is required only ifServiceEnabledis set to true in your configuration policy.service_enabled (
Union[bool,IResolvable,None]) – Indicates whether Security Hub CSPM is enabled in the policy.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk.mixins_preview.aws_securityhub import mixins as securityhub_mixins security_hub_policy_property = securityhub_mixins.CfnConfigurationPolicyPropsMixin.SecurityHubPolicyProperty( enabled_standard_identifiers=["enabledStandardIdentifiers"], security_controls_configuration=securityhub_mixins.CfnConfigurationPolicyPropsMixin.SecurityControlsConfigurationProperty( disabled_security_control_identifiers=["disabledSecurityControlIdentifiers"], enabled_security_control_identifiers=["enabledSecurityControlIdentifiers"], security_control_custom_parameters=[securityhub_mixins.CfnConfigurationPolicyPropsMixin.SecurityControlCustomParameterProperty( parameters={ "parameters_key": securityhub_mixins.CfnConfigurationPolicyPropsMixin.ParameterConfigurationProperty( value=securityhub_mixins.CfnConfigurationPolicyPropsMixin.ParameterValueProperty( boolean=False, double=123, enum="enum", enum_list=["enumList"], integer=123, integer_list=[123], string="string", string_list=["stringList"] ), value_type="valueType" ) }, security_control_id="securityControlId" )] ), service_enabled=False )
Attributes
- enabled_standard_identifiers
A list that defines which security standards are enabled in the configuration policy.
This property is required only if
ServiceEnabledis set totruein your configuration policy.
- security_controls_configuration
An object that defines which security controls are enabled in the configuration policy.
The enablement status of a control is aligned across all of the enabled standards in an account.
This property is required only if
ServiceEnabledis set to true in your configuration policy.
- service_enabled
Indicates whether Security Hub CSPM is enabled in the policy.