Create Configuration Policy
| securityhub_create_configuration_policy | R Documentation |
Creates a configuration policy with the defined configuration¶
Description¶
Creates a configuration policy with the defined configuration. Only the Security Hub delegated administrator can invoke this operation from the home Region.
Usage¶
Arguments¶
Name[required] The name of the configuration policy. Alphanumeric characters and the following ASCII characters are permitted:
-, ., !, *, /.DescriptionThe description of the configuration policy.
ConfigurationPolicy[required] An object that defines how Security Hub is configured. It includes whether Security Hub is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If you provide a list of security controls that are enabled in the configuration policy, Security Hub disables all other controls (including newly released controls). If you provide a list of security controls that are disabled in the configuration policy, Security Hub enables all other controls (including newly released controls).
TagsUser-defined tags associated with a configuration policy. For more information, see Tagging Security Hub resources in the Security Hub user guide.
Value¶
A list with the following syntax:
list(
Arn = "string",
Id = "string",
Name = "string",
Description = "string",
UpdatedAt = as.POSIXct(
"2015-01-01"
),
CreatedAt = as.POSIXct(
"2015-01-01"
),
ConfigurationPolicy = list(
SecurityHub = list(
ServiceEnabled = TRUE|FALSE,
EnabledStandardIdentifiers = list(
"string"
),
SecurityControlsConfiguration = list(
EnabledSecurityControlIdentifiers = list(
"string"
),
DisabledSecurityControlIdentifiers = list(
"string"
),
SecurityControlCustomParameters = list(
list(
SecurityControlId = "string",
Parameters = list(
list(
ValueType = "DEFAULT"|"CUSTOM",
Value = list(
Integer = 123,
IntegerList = list(
123
),
Double = 123.0,
String = "string",
StringList = list(
"string"
),
Boolean = TRUE|FALSE,
Enum = "string",
EnumList = list(
"string"
)
)
)
)
)
)
)
)
)
)
Request syntax¶
svc$create_configuration_policy(
Name = "string",
Description = "string",
ConfigurationPolicy = list(
SecurityHub = list(
ServiceEnabled = TRUE|FALSE,
EnabledStandardIdentifiers = list(
"string"
),
SecurityControlsConfiguration = list(
EnabledSecurityControlIdentifiers = list(
"string"
),
DisabledSecurityControlIdentifiers = list(
"string"
),
SecurityControlCustomParameters = list(
list(
SecurityControlId = "string",
Parameters = list(
list(
ValueType = "DEFAULT"|"CUSTOM",
Value = list(
Integer = 123,
IntegerList = list(
123
),
Double = 123.0,
String = "string",
StringList = list(
"string"
),
Boolean = TRUE|FALSE,
Enum = "string",
EnumList = list(
"string"
)
)
)
)
)
)
)
)
),
Tags = list(
"string"
)
)
Examples¶
## Not run:
# This operation creates a configuration policy in Security Hub.
svc$create_configuration_policy(
ConfigurationPolicy = list(
SecurityHub = list(
EnabledStandardIdentifiers = list(
"arn:aws:securityhub:us-east-1::standards/aws-foundational-security...",
"arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0"
),
SecurityControlsConfiguration = list(
DisabledSecurityControlIdentifiers = list(
"CloudWatch.1"
),
SecurityControlCustomParameters = list(
list(
Parameters = list(
daysToExpiration = list(
Value = list(
Integer = 14L
),
ValueType = "CUSTOM"
)
),
SecurityControlId = "ACM.1"
)
)
),
ServiceEnabled = TRUE
)
),
Description = "Configuration policy for testing FSBP and CIS",
Name = "TestConfigurationPolicy"
)
## End(Not run)