Skip to content

/AWS1/CL_SHBORGANIZATIONCONF

Provides information about the way an organization is configured in Security Hub.

CONSTRUCTOR

IMPORTING

Optional arguments:

iv_configurationtype TYPE /AWS1/SHBORGCONFCONFTYPE /AWS1/SHBORGCONFCONFTYPE

Indicates whether the organization uses local or central configuration.

If you use local configuration, the Security Hub delegated administrator can set AutoEnable to true and AutoEnableStandards to DEFAULT. This automatically enables Security Hub and default security standards in new organization accounts. These new account settings must be set separately in each Amazon Web Services Region, and settings may be different in each Region.

If you use central configuration, the delegated administrator can create configuration policies. Configuration policies can be used to configure Security Hub, security standards, and security controls in multiple accounts and Regions. If you want new organization accounts to use a specific configuration, you can create a configuration policy and associate it with the root or specific organizational units (OUs). New accounts will inherit the policy from the root or their assigned OU.

iv_status TYPE /AWS1/SHBORGCONFSTATUS /AWS1/SHBORGCONFSTATUS

Describes whether central configuration could be enabled as the ConfigurationType for the organization. If your ConfigurationType is local configuration, then the value of Status is always ENABLED.

iv_statusmessage TYPE /AWS1/SHBNONEMPTYSTRING /AWS1/SHBNONEMPTYSTRING

Provides an explanation if the value of Status is equal to FAILED when ConfigurationType is equal to CENTRAL.

Queryable Attributes

ConfigurationType

Indicates whether the organization uses local or central configuration.

If you use local configuration, the Security Hub delegated administrator can set AutoEnable to true and AutoEnableStandards to DEFAULT. This automatically enables Security Hub and default security standards in new organization accounts. These new account settings must be set separately in each Amazon Web Services Region, and settings may be different in each Region.

If you use central configuration, the delegated administrator can create configuration policies. Configuration policies can be used to configure Security Hub, security standards, and security controls in multiple accounts and Regions. If you want new organization accounts to use a specific configuration, you can create a configuration policy and associate it with the root or specific organizational units (OUs). New accounts will inherit the policy from the root or their assigned OU.

Accessible with the following methods

Method Description
GET_CONFIGURATIONTYPE() Getter for CONFIGURATIONTYPE, with configurable default
ASK_CONFIGURATIONTYPE() Getter for CONFIGURATIONTYPE w/ exceptions if field has no v
HAS_CONFIGURATIONTYPE() Determine if CONFIGURATIONTYPE has a value

Status

Describes whether central configuration could be enabled as the ConfigurationType for the organization. If your ConfigurationType is local configuration, then the value of Status is always ENABLED.

Accessible with the following methods

Method Description
GET_STATUS() Getter for STATUS, with configurable default
ASK_STATUS() Getter for STATUS w/ exceptions if field has no value
HAS_STATUS() Determine if STATUS has a value

StatusMessage

Provides an explanation if the value of Status is equal to FAILED when ConfigurationType is equal to CENTRAL.

Accessible with the following methods

Method Description
GET_STATUSMESSAGE() Getter for STATUSMESSAGE, with configurable default
ASK_STATUSMESSAGE() Getter for STATUSMESSAGE w/ exceptions if field has no value
HAS_STATUSMESSAGE() Determine if STATUSMESSAGE has a value