com.pulumi.aws.securityhub.kotlin.OrganizationConfigurationArgs.kt Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of pulumi-aws-kotlin Show documentation
Show all versions of pulumi-aws-kotlin Show documentation
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.aws.securityhub.kotlin
import com.pulumi.aws.securityhub.OrganizationConfigurationArgs.builder
import com.pulumi.aws.securityhub.kotlin.inputs.OrganizationConfigurationOrganizationConfigurationArgs
import com.pulumi.aws.securityhub.kotlin.inputs.OrganizationConfigurationOrganizationConfigurationArgsBuilder
import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.applySuspend
import kotlin.Boolean
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.jvm.JvmName
/**
* Manages the Security Hub Organization Configuration.
* > **NOTE:** This resource requires an `aws.securityhub.OrganizationAdminAccount` to be configured (not necessarily with Pulumi). More information about managing Security Hub in an organization can be found in the [Managing administrator and member accounts](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-accounts.html) documentation.
* > **NOTE:** In order to set the `configuration_type` to `CENTRAL`, the delegated admin must be a member account of the organization and not the management account. Central configuration also requires an `aws.securityhub.FindingAggregator` to be configured.
* > **NOTE:** This is an advanced AWS resource. Pulumi will automatically assume management of the Security Hub Organization Configuration without import and perform no actions on removal from the Pulumi program.
* > **NOTE:** Deleting this resource resets security hub to a local organization configuration with auto enable false.
* ## Example Usage
* ### Local Configuration
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws from "@pulumi/aws";
* const example = new aws.organizations.Organization("example", {
* awsServiceAccessPrincipals: ["securityhub.amazonaws.com"],
* featureSet: "ALL",
* });
* const exampleOrganizationAdminAccount = new aws.securityhub.OrganizationAdminAccount("example", {adminAccountId: "123456789012"}, {
* dependsOn: [example],
* });
* const exampleOrganizationConfiguration = new aws.securityhub.OrganizationConfiguration("example", {autoEnable: true});
* ```
* ```python
* import pulumi
* import pulumi_aws as aws
* example = aws.organizations.Organization("example",
* aws_service_access_principals=["securityhub.amazonaws.com"],
* feature_set="ALL")
* example_organization_admin_account = aws.securityhub.OrganizationAdminAccount("example", admin_account_id="123456789012",
* opts = pulumi.ResourceOptions(depends_on=[example]))
* example_organization_configuration = aws.securityhub.OrganizationConfiguration("example", auto_enable=True)
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Aws = Pulumi.Aws;
* return await Deployment.RunAsync(() =>
* {
* var example = new Aws.Organizations.Organization("example", new()
* {
* AwsServiceAccessPrincipals = new[]
* {
* "securityhub.amazonaws.com",
* },
* FeatureSet = "ALL",
* });
* var exampleOrganizationAdminAccount = new Aws.SecurityHub.OrganizationAdminAccount("example", new()
* {
* AdminAccountId = "123456789012",
* }, new CustomResourceOptions
* {
* DependsOn =
* {
* example,
* },
* });
* var exampleOrganizationConfiguration = new Aws.SecurityHub.OrganizationConfiguration("example", new()
* {
* AutoEnable = true,
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/organizations"
* "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/securityhub"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* example, err := organizations.NewOrganization(ctx, "example", &organizations.OrganizationArgs{
* AwsServiceAccessPrincipals: pulumi.StringArray{
* pulumi.String("securityhub.amazonaws.com"),
* },
* FeatureSet: pulumi.String("ALL"),
* })
* if err != nil {
* return err
* }
* _, err = securityhub.NewOrganizationAdminAccount(ctx, "example", &securityhub.OrganizationAdminAccountArgs{
* AdminAccountId: pulumi.String("123456789012"),
* }, pulumi.DependsOn([]pulumi.Resource{
* example,
* }))
* if err != nil {
* return err
* }
* _, err = securityhub.NewOrganizationConfiguration(ctx, "example", &securityhub.OrganizationConfigurationArgs{
* AutoEnable: pulumi.Bool(true),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.aws.organizations.Organization;
* import com.pulumi.aws.organizations.OrganizationArgs;
* import com.pulumi.aws.securityhub.OrganizationAdminAccount;
* import com.pulumi.aws.securityhub.OrganizationAdminAccountArgs;
* import com.pulumi.aws.securityhub.OrganizationConfiguration;
* import com.pulumi.aws.securityhub.OrganizationConfigurationArgs;
* import com.pulumi.resources.CustomResourceOptions;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var example = new Organization("example", OrganizationArgs.builder()
* .awsServiceAccessPrincipals("securityhub.amazonaws.com")
* .featureSet("ALL")
* .build());
* var exampleOrganizationAdminAccount = new OrganizationAdminAccount("exampleOrganizationAdminAccount", OrganizationAdminAccountArgs.builder()
* .adminAccountId("123456789012")
* .build(), CustomResourceOptions.builder()
* .dependsOn(example)
* .build());
* var exampleOrganizationConfiguration = new OrganizationConfiguration("exampleOrganizationConfiguration", OrganizationConfigurationArgs.builder()
* .autoEnable(true)
* .build());
* }
* }
* ```
* ```yaml
* resources:
* example:
* type: aws:organizations:Organization
* properties:
* awsServiceAccessPrincipals:
* - securityhub.amazonaws.com
* featureSet: ALL
* exampleOrganizationAdminAccount:
* type: aws:securityhub:OrganizationAdminAccount
* name: example
* properties:
* adminAccountId: '123456789012'
* options:
* dependson:
* - ${example}
* exampleOrganizationConfiguration:
* type: aws:securityhub:OrganizationConfiguration
* name: example
* properties:
* autoEnable: true
* ```
*
* ### Central Configuration
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws from "@pulumi/aws";
* const example = new aws.securityhub.OrganizationAdminAccount("example", {adminAccountId: "123456789012"}, {
* dependsOn: [exampleAwsOrganizationsOrganization],
* });
* const exampleFindingAggregator = new aws.securityhub.FindingAggregator("example", {linkingMode: "ALL_REGIONS"}, {
* dependsOn: [example],
* });
* const exampleOrganizationConfiguration = new aws.securityhub.OrganizationConfiguration("example", {
* autoEnable: false,
* autoEnableStandards: "NONE",
* organizationConfiguration: {
* configurationType: "CENTRAL",
* },
* }, {
* dependsOn: [exampleFindingAggregator],
* });
* ```
* ```python
* import pulumi
* import pulumi_aws as aws
* example = aws.securityhub.OrganizationAdminAccount("example", admin_account_id="123456789012",
* opts = pulumi.ResourceOptions(depends_on=[example_aws_organizations_organization]))
* example_finding_aggregator = aws.securityhub.FindingAggregator("example", linking_mode="ALL_REGIONS",
* opts = pulumi.ResourceOptions(depends_on=[example]))
* example_organization_configuration = aws.securityhub.OrganizationConfiguration("example",
* auto_enable=False,
* auto_enable_standards="NONE",
* organization_configuration={
* "configuration_type": "CENTRAL",
* },
* opts = pulumi.ResourceOptions(depends_on=[example_finding_aggregator]))
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Aws = Pulumi.Aws;
* return await Deployment.RunAsync(() =>
* {
* var example = new Aws.SecurityHub.OrganizationAdminAccount("example", new()
* {
* AdminAccountId = "123456789012",
* }, new CustomResourceOptions
* {
* DependsOn =
* {
* exampleAwsOrganizationsOrganization,
* },
* });
* var exampleFindingAggregator = new Aws.SecurityHub.FindingAggregator("example", new()
* {
* LinkingMode = "ALL_REGIONS",
* }, new CustomResourceOptions
* {
* DependsOn =
* {
* example,
* },
* });
* var exampleOrganizationConfiguration = new Aws.SecurityHub.OrganizationConfiguration("example", new()
* {
* AutoEnable = false,
* AutoEnableStandards = "NONE",
* OrganizationConfigurationDetails = new Aws.SecurityHub.Inputs.OrganizationConfigurationOrganizationConfigurationArgs
* {
* ConfigurationType = "CENTRAL",
* },
* }, new CustomResourceOptions
* {
* DependsOn =
* {
* exampleFindingAggregator,
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/securityhub"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* example, err := securityhub.NewOrganizationAdminAccount(ctx, "example", &securityhub.OrganizationAdminAccountArgs{
* AdminAccountId: pulumi.String("123456789012"),
* }, pulumi.DependsOn([]pulumi.Resource{
* exampleAwsOrganizationsOrganization,
* }))
* if err != nil {
* return err
* }
* exampleFindingAggregator, err := securityhub.NewFindingAggregator(ctx, "example", &securityhub.FindingAggregatorArgs{
* LinkingMode: pulumi.String("ALL_REGIONS"),
* }, pulumi.DependsOn([]pulumi.Resource{
* example,
* }))
* if err != nil {
* return err
* }
* _, err = securityhub.NewOrganizationConfiguration(ctx, "example", &securityhub.OrganizationConfigurationArgs{
* AutoEnable: pulumi.Bool(false),
* AutoEnableStandards: pulumi.String("NONE"),
* OrganizationConfiguration: &securityhub.OrganizationConfigurationOrganizationConfigurationArgs{
* ConfigurationType: pulumi.String("CENTRAL"),
* },
* }, pulumi.DependsOn([]pulumi.Resource{
* exampleFindingAggregator,
* }))
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.aws.securityhub.OrganizationAdminAccount;
* import com.pulumi.aws.securityhub.OrganizationAdminAccountArgs;
* import com.pulumi.aws.securityhub.FindingAggregator;
* import com.pulumi.aws.securityhub.FindingAggregatorArgs;
* import com.pulumi.aws.securityhub.OrganizationConfiguration;
* import com.pulumi.aws.securityhub.OrganizationConfigurationArgs;
* import com.pulumi.aws.securityhub.inputs.OrganizationConfigurationOrganizationConfigurationArgs;
* import com.pulumi.resources.CustomResourceOptions;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var example = new OrganizationAdminAccount("example", OrganizationAdminAccountArgs.builder()
* .adminAccountId("123456789012")
* .build(), CustomResourceOptions.builder()
* .dependsOn(exampleAwsOrganizationsOrganization)
* .build());
* var exampleFindingAggregator = new FindingAggregator("exampleFindingAggregator", FindingAggregatorArgs.builder()
* .linkingMode("ALL_REGIONS")
* .build(), CustomResourceOptions.builder()
* .dependsOn(example)
* .build());
* var exampleOrganizationConfiguration = new OrganizationConfiguration("exampleOrganizationConfiguration", OrganizationConfigurationArgs.builder()
* .autoEnable(false)
* .autoEnableStandards("NONE")
* .organizationConfiguration(OrganizationConfigurationOrganizationConfigurationArgs.builder()
* .configurationType("CENTRAL")
* .build())
* .build(), CustomResourceOptions.builder()
* .dependsOn(exampleFindingAggregator)
* .build());
* }
* }
* ```
* ```yaml
* resources:
* example:
* type: aws:securityhub:OrganizationAdminAccount
* properties:
* adminAccountId: '123456789012'
* options:
* dependson:
* - ${exampleAwsOrganizationsOrganization}
* exampleFindingAggregator:
* type: aws:securityhub:FindingAggregator
* name: example
* properties:
* linkingMode: ALL_REGIONS
* options:
* dependson:
* - ${example}
* exampleOrganizationConfiguration:
* type: aws:securityhub:OrganizationConfiguration
* name: example
* properties:
* autoEnable: false
* autoEnableStandards: NONE
* organizationConfiguration:
* configurationType: CENTRAL
* options:
* dependson:
* - ${exampleFindingAggregator}
* ```
*
* ## Import
* Using `pulumi import`, import an existing Security Hub enabled account using the AWS account ID. For example:
* ```sh
* $ pulumi import aws:securityhub/organizationConfiguration:OrganizationConfiguration example 123456789012
* ```
* @property autoEnable Whether to automatically enable Security Hub for new accounts in the organization.
* @property autoEnableStandards Whether to automatically enable Security Hub default standards for new member accounts in the organization. By default, this parameter is equal to `DEFAULT`, and new member accounts are automatically enabled with default Security Hub standards. To opt out of enabling default standards for new member accounts, set this parameter equal to `NONE`.
* @property organizationConfiguration Provides information about the way an organization is configured in Security Hub.
*/
public data class OrganizationConfigurationArgs(
public val autoEnable: Output? = null,
public val autoEnableStandards: Output? = null,
public val organizationConfiguration: Output? = null,
) : ConvertibleToJava {
override fun toJava(): com.pulumi.aws.securityhub.OrganizationConfigurationArgs =
com.pulumi.aws.securityhub.OrganizationConfigurationArgs.builder()
.autoEnable(autoEnable?.applyValue({ args0 -> args0 }))
.autoEnableStandards(autoEnableStandards?.applyValue({ args0 -> args0 }))
.organizationConfiguration(
organizationConfiguration?.applyValue({ args0 ->
args0.let({ args0 ->
args0.toJava()
})
}),
).build()
}
/**
* Builder for [OrganizationConfigurationArgs].
*/
@PulumiTagMarker
public class OrganizationConfigurationArgsBuilder internal constructor() {
private var autoEnable: Output? = null
private var autoEnableStandards: Output? = null
private var organizationConfiguration:
Output? = null
/**
* @param value Whether to automatically enable Security Hub for new accounts in the organization.
*/
@JvmName("vfbugxeutoivkfkw")
public suspend fun autoEnable(`value`: Output) {
this.autoEnable = value
}
/**
* @param value Whether to automatically enable Security Hub default standards for new member accounts in the organization. By default, this parameter is equal to `DEFAULT`, and new member accounts are automatically enabled with default Security Hub standards. To opt out of enabling default standards for new member accounts, set this parameter equal to `NONE`.
*/
@JvmName("otjfrbrndjwjtgqq")
public suspend fun autoEnableStandards(`value`: Output) {
this.autoEnableStandards = value
}
/**
* @param value Provides information about the way an organization is configured in Security Hub.
*/
@JvmName("yqitifhtsdpwjqkn")
public suspend fun organizationConfiguration(`value`: Output) {
this.organizationConfiguration = value
}
/**
* @param value Whether to automatically enable Security Hub for new accounts in the organization.
*/
@JvmName("wdwivadnxwdjfvom")
public suspend fun autoEnable(`value`: Boolean?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.autoEnable = mapped
}
/**
* @param value Whether to automatically enable Security Hub default standards for new member accounts in the organization. By default, this parameter is equal to `DEFAULT`, and new member accounts are automatically enabled with default Security Hub standards. To opt out of enabling default standards for new member accounts, set this parameter equal to `NONE`.
*/
@JvmName("ywslfroempxfpcgo")
public suspend fun autoEnableStandards(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.autoEnableStandards = mapped
}
/**
* @param value Provides information about the way an organization is configured in Security Hub.
*/
@JvmName("outhnduydfgbilau")
public suspend fun organizationConfiguration(`value`: OrganizationConfigurationOrganizationConfigurationArgs?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.organizationConfiguration = mapped
}
/**
* @param argument Provides information about the way an organization is configured in Security Hub.
*/
@JvmName("ituvpajdxnhyykhk")
public suspend fun organizationConfiguration(argument: suspend OrganizationConfigurationOrganizationConfigurationArgsBuilder.() -> Unit) {
val toBeMapped = OrganizationConfigurationOrganizationConfigurationArgsBuilder().applySuspend {
argument()
}.build()
val mapped = of(toBeMapped)
this.organizationConfiguration = mapped
}
internal fun build(): OrganizationConfigurationArgs = OrganizationConfigurationArgs(
autoEnable = autoEnable,
autoEnableStandards = autoEnableStandards,
organizationConfiguration = organizationConfiguration,
)
}
© 2015 - 2024 Weber Informatics LLC | Privacy Policy