Docs Home
We recommend new projects start with resources from the AWS provider.
AWS Cloud Control v1.27.0 published on Monday, Apr 14, 2025 by Pulumi
aws-native.securityhub.Hub
Explore with Pulumi AI
We recommend new projects start with resources from the AWS provider.
AWS Cloud Control v1.27.0 published on Monday, Apr 14, 2025 by Pulumi
The AWS::SecurityHub::Hub resource represents the implementation of the AWS Security Hub service in your account. One hub resource is created for each Region in which you enable Security Hub.
Example Usage
Example
Example
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AwsNative = Pulumi.AwsNative;
return await Deployment.RunAsync(() =>
{
var exampleHubWithTags = new AwsNative.SecurityHub.Hub("exampleHubWithTags", new()
{
Tags =
{
{ "key1", "value1" },
{ "key2", "value2" },
},
EnableDefaultStandards = true,
ControlFindingGenerator = "SECURITY_CONTROL",
});
return new Dictionary<string, object?>
{
["hubArn"] = exampleHubWithTags.Id,
};
});
package main
import (
"github.com/pulumi/pulumi-aws-native/sdk/go/aws/securityhub"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
exampleHubWithTags, err := securityhub.NewHub(ctx, "exampleHubWithTags", &securityhub.HubArgs{
Tags: pulumi.StringMap{
"key1": pulumi.String("value1"),
"key2": pulumi.String("value2"),
},
EnableDefaultStandards: pulumi.Bool(true),
ControlFindingGenerator: pulumi.String("SECURITY_CONTROL"),
})
if err != nil {
return err
}
ctx.Export("hubArn", exampleHubWithTags.ID())
return nil
})
}
Coming soon!
import * as pulumi from "@pulumi/pulumi";
import * as aws_native from "@pulumi/aws-native";
const exampleHubWithTags = new aws_native.securityhub.Hub("exampleHubWithTags", {
tags: {
key1: "value1",
key2: "value2",
},
enableDefaultStandards: true,
controlFindingGenerator: "SECURITY_CONTROL",
});
export const hubArn = exampleHubWithTags.id;
import pulumi
import pulumi_aws_native as aws_native
example_hub_with_tags = aws_native.securityhub.Hub("exampleHubWithTags",
tags={
"key1": "value1",
"key2": "value2",
},
enable_default_standards=True,
control_finding_generator="SECURITY_CONTROL")
pulumi.export("hubArn", example_hub_with_tags.id)
Coming soon!
Example
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AwsNative = Pulumi.AwsNative;
return await Deployment.RunAsync(() =>
{
var exampleHubWithTags = new AwsNative.SecurityHub.Hub("exampleHubWithTags", new()
{
Tags =
{
{ "key1", "value1" },
{ "key2", "value2" },
},
EnableDefaultStandards = false,
ControlFindingGenerator = "STANDARD_CONTROL",
});
return new Dictionary<string, object?>
{
["hubArn"] = exampleHubWithTags.Id,
};
});
package main
import (
"github.com/pulumi/pulumi-aws-native/sdk/go/aws/securityhub"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
exampleHubWithTags, err := securityhub.NewHub(ctx, "exampleHubWithTags", &securityhub.HubArgs{
Tags: pulumi.StringMap{
"key1": pulumi.String("value1"),
"key2": pulumi.String("value2"),
},
EnableDefaultStandards: pulumi.Bool(false),
ControlFindingGenerator: pulumi.String("STANDARD_CONTROL"),
})
if err != nil {
return err
}
ctx.Export("hubArn", exampleHubWithTags.ID())
return nil
})
}
Coming soon!
import * as pulumi from "@pulumi/pulumi";
import * as aws_native from "@pulumi/aws-native";
const exampleHubWithTags = new aws_native.securityhub.Hub("exampleHubWithTags", {
tags: {
key1: "value1",
key2: "value2",
},
enableDefaultStandards: false,
controlFindingGenerator: "STANDARD_CONTROL",
});
export const hubArn = exampleHubWithTags.id;
import pulumi
import pulumi_aws_native as aws_native
example_hub_with_tags = aws_native.securityhub.Hub("exampleHubWithTags",
tags={
"key1": "value1",
"key2": "value2",
},
enable_default_standards=False,
control_finding_generator="STANDARD_CONTROL")
pulumi.export("hubArn", example_hub_with_tags.id)
Coming soon!
Example
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AwsNative = Pulumi.AwsNative;
return await Deployment.RunAsync(() =>
{
var exampleHubWithTags = new AwsNative.SecurityHub.Hub("exampleHubWithTags", new()
{
Tags =
{
{ "key1", "value1" },
{ "key2", "value2" },
},
EnableDefaultStandards = false,
ControlFindingGenerator = "STANDARD_CONTROL",
});
return new Dictionary<string, object?>
{
["hubArn"] = exampleHubWithTags.Id,
};
});
package main
import (
"github.com/pulumi/pulumi-aws-native/sdk/go/aws/securityhub"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
exampleHubWithTags, err := securityhub.NewHub(ctx, "exampleHubWithTags", &securityhub.HubArgs{
Tags: pulumi.StringMap{
"key1": pulumi.String("value1"),
"key2": pulumi.String("value2"),
},
EnableDefaultStandards: pulumi.Bool(false),
ControlFindingGenerator: pulumi.String("STANDARD_CONTROL"),
})
if err != nil {
return err
}
ctx.Export("hubArn", exampleHubWithTags.ID())
return nil
})
}
Coming soon!
import * as pulumi from "@pulumi/pulumi";
import * as aws_native from "@pulumi/aws-native";
const exampleHubWithTags = new aws_native.securityhub.Hub("exampleHubWithTags", {
tags: {
key1: "value1",
key2: "value2",
},
enableDefaultStandards: false,
controlFindingGenerator: "STANDARD_CONTROL",
});
export const hubArn = exampleHubWithTags.id;
import pulumi
import pulumi_aws_native as aws_native
example_hub_with_tags = aws_native.securityhub.Hub("exampleHubWithTags",
tags={
"key1": "value1",
"key2": "value2",
},
enable_default_standards=False,
control_finding_generator="STANDARD_CONTROL")
pulumi.export("hubArn", example_hub_with_tags.id)
Coming soon!
Create Hub Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Hub(name: string, args?: HubArgs, opts?: CustomResourceOptions);@overload
def Hub(resource_name: str,
args: Optional[HubArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def Hub(resource_name: str,
opts: Optional[ResourceOptions] = None,
auto_enable_controls: Optional[bool] = None,
control_finding_generator: Optional[str] = None,
enable_default_standards: Optional[bool] = None,
tags: Optional[Mapping[str, str]] = None)func NewHub(ctx *Context, name string, args *HubArgs, opts ...ResourceOption) (*Hub, error)public Hub(string name, HubArgs? args = null, CustomResourceOptions? opts = null)type: aws-native:securityhub:Hub
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name
This property is required. string - The unique name of the resource.
- args HubArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name
This property is required. str - The unique name of the resource.
- args HubArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name
This property is required. string - The unique name of the resource.
- args HubArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name
This property is required. string - The unique name of the resource.
- args HubArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name
This property is required. String - The unique name of the resource.
- args
This property is required. HubArgs - The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Hub Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Hub resource accepts the following input properties:
- Auto
Enable boolControls - Whether to automatically enable new controls when they are added to standards that are enabled
- Control
Finding stringGenerator - This field, used when enabling Security Hub, specifies whether the calling account has consolidated control findings turned on. If the value for this field is set to SECURITY_CONTROL, Security Hub generates a single finding for a control check even when the check applies to multiple enabled standards. If the value for this field is set to STANDARD_CONTROL, Security Hub generates separate findings for a control check when the check applies to multiple enabled standards.
- Enable
Default boolStandards - Whether to enable the security standards that Security Hub has designated as automatically enabled.
- Dictionary<string, string>
An array of key-value pairs to apply to this resource.
For more information, see Tag .
- Auto
Enable boolControls - Whether to automatically enable new controls when they are added to standards that are enabled
- Control
Finding stringGenerator - This field, used when enabling Security Hub, specifies whether the calling account has consolidated control findings turned on. If the value for this field is set to SECURITY_CONTROL, Security Hub generates a single finding for a control check even when the check applies to multiple enabled standards. If the value for this field is set to STANDARD_CONTROL, Security Hub generates separate findings for a control check when the check applies to multiple enabled standards.
- Enable
Default boolStandards - Whether to enable the security standards that Security Hub has designated as automatically enabled.
- map[string]string
An array of key-value pairs to apply to this resource.
For more information, see Tag .
- auto
Enable BooleanControls - Whether to automatically enable new controls when they are added to standards that are enabled
- control
Finding StringGenerator - This field, used when enabling Security Hub, specifies whether the calling account has consolidated control findings turned on. If the value for this field is set to SECURITY_CONTROL, Security Hub generates a single finding for a control check even when the check applies to multiple enabled standards. If the value for this field is set to STANDARD_CONTROL, Security Hub generates separate findings for a control check when the check applies to multiple enabled standards.
- enable
Default BooleanStandards - Whether to enable the security standards that Security Hub has designated as automatically enabled.
- Map<String,String>
An array of key-value pairs to apply to this resource.
For more information, see Tag .
- auto
Enable booleanControls - Whether to automatically enable new controls when they are added to standards that are enabled
- control
Finding stringGenerator - This field, used when enabling Security Hub, specifies whether the calling account has consolidated control findings turned on. If the value for this field is set to SECURITY_CONTROL, Security Hub generates a single finding for a control check even when the check applies to multiple enabled standards. If the value for this field is set to STANDARD_CONTROL, Security Hub generates separate findings for a control check when the check applies to multiple enabled standards.
- enable
Default booleanStandards - Whether to enable the security standards that Security Hub has designated as automatically enabled.
- {[key: string]: string}
An array of key-value pairs to apply to this resource.
For more information, see Tag .
- auto_
enable_ boolcontrols - Whether to automatically enable new controls when they are added to standards that are enabled
- control_
finding_ strgenerator - This field, used when enabling Security Hub, specifies whether the calling account has consolidated control findings turned on. If the value for this field is set to SECURITY_CONTROL, Security Hub generates a single finding for a control check even when the check applies to multiple enabled standards. If the value for this field is set to STANDARD_CONTROL, Security Hub generates separate findings for a control check when the check applies to multiple enabled standards.
- enable_
default_ boolstandards - Whether to enable the security standards that Security Hub has designated as automatically enabled.
- Mapping[str, str]
An array of key-value pairs to apply to this resource.
For more information, see Tag .
- auto
Enable BooleanControls - Whether to automatically enable new controls when they are added to standards that are enabled
- control
Finding StringGenerator - This field, used when enabling Security Hub, specifies whether the calling account has consolidated control findings turned on. If the value for this field is set to SECURITY_CONTROL, Security Hub generates a single finding for a control check even when the check applies to multiple enabled standards. If the value for this field is set to STANDARD_CONTROL, Security Hub generates separate findings for a control check when the check applies to multiple enabled standards.
- enable
Default BooleanStandards - Whether to enable the security standards that Security Hub has designated as automatically enabled.
- Map<String>
An array of key-value pairs to apply to this resource.
For more information, see Tag .
Outputs
All input properties are implicitly available as output properties. Additionally, the Hub resource produces the following output properties:
- Arn string
- An ARN is automatically created for the customer.
- Id string
- The provider-assigned unique ID for this managed resource.
- Subscribed
At string - The date and time when Security Hub was enabled in the account.
- Arn string
- An ARN is automatically created for the customer.
- Id string
- The provider-assigned unique ID for this managed resource.
- Subscribed
At string - The date and time when Security Hub was enabled in the account.
- arn String
- An ARN is automatically created for the customer.
- id String
- The provider-assigned unique ID for this managed resource.
- subscribed
At String - The date and time when Security Hub was enabled in the account.
- arn string
- An ARN is automatically created for the customer.
- id string
- The provider-assigned unique ID for this managed resource.
- subscribed
At string - The date and time when Security Hub was enabled in the account.
- arn str
- An ARN is automatically created for the customer.
- id str
- The provider-assigned unique ID for this managed resource.
- subscribed_
at str - The date and time when Security Hub was enabled in the account.
- arn String
- An ARN is automatically created for the customer.
- id String
- The provider-assigned unique ID for this managed resource.
- subscribed
At String - The date and time when Security Hub was enabled in the account.
Package Details
- Repository
- AWS Native pulumi/pulumi-aws-native
- License
- Apache-2.0
We recommend new projects start with resources from the AWS provider.
AWS Cloud Control v1.27.0 published on Monday, Apr 14, 2025 by Pulumi