aws-native.securityhub.getSecurityControl

Explore with Pulumi AI

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.27.0 published on Monday, Apr 14, 2025 by Pulumi

Using getSecurityControl

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

TypeScript
Python
Go
C#
Java
YAML

function getSecurityControl(args: GetSecurityControlArgs, opts?: InvokeOptions): Promise<GetSecurityControlResult>
function getSecurityControlOutput(args: GetSecurityControlOutputArgs, opts?: InvokeOptions): Output<GetSecurityControlResult>

def get_security_control(security_control_id: Optional[str] = None,
                         opts: Optional[InvokeOptions] = None) -> GetSecurityControlResult
def get_security_control_output(security_control_id: Optional[pulumi.Input[str]] = None,
                         opts: Optional[InvokeOptions] = None) -> Output[GetSecurityControlResult]

func LookupSecurityControl(ctx *Context, args *LookupSecurityControlArgs, opts ...InvokeOption) (*LookupSecurityControlResult, error)
func LookupSecurityControlOutput(ctx *Context, args *LookupSecurityControlOutputArgs, opts ...InvokeOption) LookupSecurityControlResultOutput

> Note: This function is named LookupSecurityControl in the Go SDK.

public static class GetSecurityControl 
{
    public static Task<GetSecurityControlResult> InvokeAsync(GetSecurityControlArgs args, InvokeOptions? opts = null)
    public static Output<GetSecurityControlResult> Invoke(GetSecurityControlInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetSecurityControlResult> getSecurityControl(GetSecurityControlArgs args, InvokeOptions options)
public static Output<GetSecurityControlResult> getSecurityControl(GetSecurityControlArgs args, InvokeOptions options)

fn::invoke:
  function: aws-native:securityhub:getSecurityControl
  arguments:
    # arguments dictionary

The following arguments are supported:

SecurityControlId string: The unique identifier of a security control across standards. Values for this field typically consist of an AWS service name and a number, such as APIGateway.3.

SecurityControlId string: The unique identifier of a security control across standards. Values for this field typically consist of an AWS service name and a number, such as APIGateway.3.

securityControlId String: The unique identifier of a security control across standards. Values for this field typically consist of an AWS service name and a number, such as APIGateway.3.

securityControlId string: The unique identifier of a security control across standards. Values for this field typically consist of an AWS service name and a number, such as APIGateway.3.

security_control_id str: The unique identifier of a security control across standards. Values for this field typically consist of an AWS service name and a number, such as APIGateway.3.

securityControlId String: The unique identifier of a security control across standards. Values for this field typically consist of an AWS service name and a number, such as APIGateway.3.

getSecurityControl Result

The following output properties are available:

LastUpdateReason string: The most recent reason for updating the customizable properties of a security control. This differs from the UpdateReason field of the BatchUpdateStandardsControlAssociations API, which tracks the reason for updating the enablement status of a control. This field accepts alphanumeric characters in addition to white spaces, dashes, and underscores.
Parameters Dictionary<string, Pulumi.AwsNative.SecurityHub.Outputs.SecurityControlParameterConfiguration>: An object that identifies the name of a control parameter, its current value, and whether it has been customized.
SecurityControlArn string: The Amazon Resource Name (ARN) for a security control across standards, such as arn:aws:securityhub:eu-central-1:123456789012:security-control/S3.1. This parameter doesn't mention a specific standard.

LastUpdateReason string: The most recent reason for updating the customizable properties of a security control. This differs from the UpdateReason field of the BatchUpdateStandardsControlAssociations API, which tracks the reason for updating the enablement status of a control. This field accepts alphanumeric characters in addition to white spaces, dashes, and underscores.
Parameters map[string]SecurityControlParameterConfiguration: An object that identifies the name of a control parameter, its current value, and whether it has been customized.
SecurityControlArn string: The Amazon Resource Name (ARN) for a security control across standards, such as arn:aws:securityhub:eu-central-1:123456789012:security-control/S3.1. This parameter doesn't mention a specific standard.

lastUpdateReason String: The most recent reason for updating the customizable properties of a security control. This differs from the UpdateReason field of the BatchUpdateStandardsControlAssociations API, which tracks the reason for updating the enablement status of a control. This field accepts alphanumeric characters in addition to white spaces, dashes, and underscores.
parameters Map<String,SecurityControlParameterConfiguration>: An object that identifies the name of a control parameter, its current value, and whether it has been customized.
securityControlArn String: The Amazon Resource Name (ARN) for a security control across standards, such as arn:aws:securityhub:eu-central-1:123456789012:security-control/S3.1. This parameter doesn't mention a specific standard.

lastUpdateReason string: The most recent reason for updating the customizable properties of a security control. This differs from the UpdateReason field of the BatchUpdateStandardsControlAssociations API, which tracks the reason for updating the enablement status of a control. This field accepts alphanumeric characters in addition to white spaces, dashes, and underscores.
parameters {[key: string]: SecurityControlParameterConfiguration}: An object that identifies the name of a control parameter, its current value, and whether it has been customized.
securityControlArn string: The Amazon Resource Name (ARN) for a security control across standards, such as arn:aws:securityhub:eu-central-1:123456789012:security-control/S3.1. This parameter doesn't mention a specific standard.

last_update_reason str: The most recent reason for updating the customizable properties of a security control. This differs from the UpdateReason field of the BatchUpdateStandardsControlAssociations API, which tracks the reason for updating the enablement status of a control. This field accepts alphanumeric characters in addition to white spaces, dashes, and underscores.
parameters Mapping[str, SecurityControlParameterConfiguration]: An object that identifies the name of a control parameter, its current value, and whether it has been customized.
security_control_arn str: The Amazon Resource Name (ARN) for a security control across standards, such as arn:aws:securityhub:eu-central-1:123456789012:security-control/S3.1. This parameter doesn't mention a specific standard.

lastUpdateReason String: The most recent reason for updating the customizable properties of a security control. This differs from the UpdateReason field of the BatchUpdateStandardsControlAssociations API, which tracks the reason for updating the enablement status of a control. This field accepts alphanumeric characters in addition to white spaces, dashes, and underscores.
parameters Map<Property Map>: An object that identifies the name of a control parameter, its current value, and whether it has been customized.
securityControlArn String: The Amazon Resource Name (ARN) for a security control across standards, such as arn:aws:securityhub:eu-central-1:123456789012:security-control/S3.1. This parameter doesn't mention a specific standard.

Supporting Types

SecurityControlParameterConfiguration

ValueType Pulumi.AwsNative.SecurityHub.SecurityControlParameterConfigurationValueType

Identifies whether a control parameter uses a custom user-defined value or subscribes to the default AWS Security Hub behavior.

When ValueType is set equal to DEFAULT , the default behavior can be a specific Security Hub default value, or the default behavior can be to ignore a specific parameter. When ValueType is set equal to DEFAULT , Security Hub ignores user-provided input for the Value field.

When ValueType is set equal to CUSTOM , the Value field can't be empty.

Value Pulumi.AwsNative.SecurityHub.Inputs.SecurityControlParameterValue