We recommend new projects start with resources from the AWS provider.
aws-native.securityhub.Hub
Explore with Pulumi AI
We recommend new projects start with resources from the AWS provider.
The AWS::SecurityHub::Hub resource represents the implementation of the AWS Security Hub service in your account. One hub resource is created for each Region in which you enable Security Hub.
Example Usage
Example
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AwsNative = Pulumi.AwsNative;
return await Deployment.RunAsync(() => 
{
    var exampleHubWithTags = new AwsNative.SecurityHub.Hub("exampleHubWithTags", new()
    {
        Tags = 
        {
            { "key1", "value1" },
            { "key2", "value2" },
        },
        EnableDefaultStandards = true,
        ControlFindingGenerator = "SECURITY_CONTROL",
    });
    return new Dictionary<string, object?>
    {
        ["hubArn"] = exampleHubWithTags.Id,
    };
});
package main
import (
	"github.com/pulumi/pulumi-aws-native/sdk/go/aws/securityhub"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleHubWithTags, err := securityhub.NewHub(ctx, "exampleHubWithTags", &securityhub.HubArgs{
			Tags: pulumi.StringMap{
				"key1": pulumi.String("value1"),
				"key2": pulumi.String("value2"),
			},
			EnableDefaultStandards:  pulumi.Bool(true),
			ControlFindingGenerator: pulumi.String("SECURITY_CONTROL"),
		})
		if err != nil {
			return err
		}
		ctx.Export("hubArn", exampleHubWithTags.ID())
		return nil
	})
}
Coming soon!
import * as pulumi from "@pulumi/pulumi";
import * as aws_native from "@pulumi/aws-native";
const exampleHubWithTags = new aws_native.securityhub.Hub("exampleHubWithTags", {
    tags: {
        key1: "value1",
        key2: "value2",
    },
    enableDefaultStandards: true,
    controlFindingGenerator: "SECURITY_CONTROL",
});
export const hubArn = exampleHubWithTags.id;
import pulumi
import pulumi_aws_native as aws_native
example_hub_with_tags = aws_native.securityhub.Hub("exampleHubWithTags",
    tags={
        "key1": "value1",
        "key2": "value2",
    },
    enable_default_standards=True,
    control_finding_generator="SECURITY_CONTROL")
pulumi.export("hubArn", example_hub_with_tags.id)
Coming soon!
Example
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AwsNative = Pulumi.AwsNative;
return await Deployment.RunAsync(() => 
{
    var exampleHubWithTags = new AwsNative.SecurityHub.Hub("exampleHubWithTags", new()
    {
        Tags = 
        {
            { "key1", "value1" },
            { "key2", "value2" },
        },
        EnableDefaultStandards = true,
        ControlFindingGenerator = "SECURITY_CONTROL",
    });
    return new Dictionary<string, object?>
    {
        ["hubArn"] = exampleHubWithTags.Id,
    };
});
package main
import (
	"github.com/pulumi/pulumi-aws-native/sdk/go/aws/securityhub"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleHubWithTags, err := securityhub.NewHub(ctx, "exampleHubWithTags", &securityhub.HubArgs{
			Tags: pulumi.StringMap{
				"key1": pulumi.String("value1"),
				"key2": pulumi.String("value2"),
			},
			EnableDefaultStandards:  pulumi.Bool(true),
			ControlFindingGenerator: pulumi.String("SECURITY_CONTROL"),
		})
		if err != nil {
			return err
		}
		ctx.Export("hubArn", exampleHubWithTags.ID())
		return nil
	})
}
Coming soon!
import * as pulumi from "@pulumi/pulumi";
import * as aws_native from "@pulumi/aws-native";
const exampleHubWithTags = new aws_native.securityhub.Hub("exampleHubWithTags", {
    tags: {
        key1: "value1",
        key2: "value2",
    },
    enableDefaultStandards: true,
    controlFindingGenerator: "SECURITY_CONTROL",
});
export const hubArn = exampleHubWithTags.id;
import pulumi
import pulumi_aws_native as aws_native
example_hub_with_tags = aws_native.securityhub.Hub("exampleHubWithTags",
    tags={
        "key1": "value1",
        "key2": "value2",
    },
    enable_default_standards=True,
    control_finding_generator="SECURITY_CONTROL")
pulumi.export("hubArn", example_hub_with_tags.id)
Coming soon!
Example
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AwsNative = Pulumi.AwsNative;
return await Deployment.RunAsync(() => 
{
    var exampleHubWithTags = new AwsNative.SecurityHub.Hub("exampleHubWithTags", new()
    {
        Tags = 
        {
            { "key1", "value1" },
            { "key2", "value2" },
        },
        EnableDefaultStandards = false,
        ControlFindingGenerator = "STANDARD_CONTROL",
    });
    return new Dictionary<string, object?>
    {
        ["hubArn"] = exampleHubWithTags.Id,
    };
});
package main
import (
	"github.com/pulumi/pulumi-aws-native/sdk/go/aws/securityhub"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleHubWithTags, err := securityhub.NewHub(ctx, "exampleHubWithTags", &securityhub.HubArgs{
			Tags: pulumi.StringMap{
				"key1": pulumi.String("value1"),
				"key2": pulumi.String("value2"),
			},
			EnableDefaultStandards:  pulumi.Bool(false),
			ControlFindingGenerator: pulumi.String("STANDARD_CONTROL"),
		})
		if err != nil {
			return err
		}
		ctx.Export("hubArn", exampleHubWithTags.ID())
		return nil
	})
}
Coming soon!
import * as pulumi from "@pulumi/pulumi";
import * as aws_native from "@pulumi/aws-native";
const exampleHubWithTags = new aws_native.securityhub.Hub("exampleHubWithTags", {
    tags: {
        key1: "value1",
        key2: "value2",
    },
    enableDefaultStandards: false,
    controlFindingGenerator: "STANDARD_CONTROL",
});
export const hubArn = exampleHubWithTags.id;
import pulumi
import pulumi_aws_native as aws_native
example_hub_with_tags = aws_native.securityhub.Hub("exampleHubWithTags",
    tags={
        "key1": "value1",
        "key2": "value2",
    },
    enable_default_standards=False,
    control_finding_generator="STANDARD_CONTROL")
pulumi.export("hubArn", example_hub_with_tags.id)
Coming soon!
Example
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AwsNative = Pulumi.AwsNative;
return await Deployment.RunAsync(() => 
{
    var exampleHubWithTags = new AwsNative.SecurityHub.Hub("exampleHubWithTags", new()
    {
        Tags = 
        {
            { "key1", "value1" },
            { "key2", "value2" },
        },
        EnableDefaultStandards = false,
        ControlFindingGenerator = "STANDARD_CONTROL",
    });
    return new Dictionary<string, object?>
    {
        ["hubArn"] = exampleHubWithTags.Id,
    };
});
package main
import (
	"github.com/pulumi/pulumi-aws-native/sdk/go/aws/securityhub"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleHubWithTags, err := securityhub.NewHub(ctx, "exampleHubWithTags", &securityhub.HubArgs{
			Tags: pulumi.StringMap{
				"key1": pulumi.String("value1"),
				"key2": pulumi.String("value2"),
			},
			EnableDefaultStandards:  pulumi.Bool(false),
			ControlFindingGenerator: pulumi.String("STANDARD_CONTROL"),
		})
		if err != nil {
			return err
		}
		ctx.Export("hubArn", exampleHubWithTags.ID())
		return nil
	})
}
Coming soon!
import * as pulumi from "@pulumi/pulumi";
import * as aws_native from "@pulumi/aws-native";
const exampleHubWithTags = new aws_native.securityhub.Hub("exampleHubWithTags", {
    tags: {
        key1: "value1",
        key2: "value2",
    },
    enableDefaultStandards: false,
    controlFindingGenerator: "STANDARD_CONTROL",
});
export const hubArn = exampleHubWithTags.id;
import pulumi
import pulumi_aws_native as aws_native
example_hub_with_tags = aws_native.securityhub.Hub("exampleHubWithTags",
    tags={
        "key1": "value1",
        "key2": "value2",
    },
    enable_default_standards=False,
    control_finding_generator="STANDARD_CONTROL")
pulumi.export("hubArn", example_hub_with_tags.id)
Coming soon!
Create Hub Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Hub(name: string, args?: HubArgs, opts?: CustomResourceOptions);@overload
def Hub(resource_name: str,
        args: Optional[HubArgs] = None,
        opts: Optional[ResourceOptions] = None)
@overload
def Hub(resource_name: str,
        opts: Optional[ResourceOptions] = None,
        auto_enable_controls: Optional[bool] = None,
        control_finding_generator: Optional[str] = None,
        enable_default_standards: Optional[bool] = None,
        tags: Optional[Mapping[str, str]] = None)func NewHub(ctx *Context, name string, args *HubArgs, opts ...ResourceOption) (*Hub, error)public Hub(string name, HubArgs? args = null, CustomResourceOptions? opts = null)type: aws-native:securityhub:Hub
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args HubArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args HubArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args HubArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args HubArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args HubArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Hub Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Hub resource accepts the following input properties:
- AutoEnable boolControls 
- Whether to automatically enable new controls when they are added to standards that are enabled
- ControlFinding stringGenerator 
- This field, used when enabling Security Hub, specifies whether the calling account has consolidated control findings turned on. If the value for this field is set to SECURITY_CONTROL, Security Hub generates a single finding for a control check even when the check applies to multiple enabled standards. If the value for this field is set to STANDARD_CONTROL, Security Hub generates separate findings for a control check when the check applies to multiple enabled standards.
- EnableDefault boolStandards 
- Whether to enable the security standards that Security Hub has designated as automatically enabled.
- Dictionary<string, string>
- An array of key-value pairs to apply to this resource. - For more information, see Tag . 
- AutoEnable boolControls 
- Whether to automatically enable new controls when they are added to standards that are enabled
- ControlFinding stringGenerator 
- This field, used when enabling Security Hub, specifies whether the calling account has consolidated control findings turned on. If the value for this field is set to SECURITY_CONTROL, Security Hub generates a single finding for a control check even when the check applies to multiple enabled standards. If the value for this field is set to STANDARD_CONTROL, Security Hub generates separate findings for a control check when the check applies to multiple enabled standards.
- EnableDefault boolStandards 
- Whether to enable the security standards that Security Hub has designated as automatically enabled.
- map[string]string
- An array of key-value pairs to apply to this resource. - For more information, see Tag . 
- autoEnable BooleanControls 
- Whether to automatically enable new controls when they are added to standards that are enabled
- controlFinding StringGenerator 
- This field, used when enabling Security Hub, specifies whether the calling account has consolidated control findings turned on. If the value for this field is set to SECURITY_CONTROL, Security Hub generates a single finding for a control check even when the check applies to multiple enabled standards. If the value for this field is set to STANDARD_CONTROL, Security Hub generates separate findings for a control check when the check applies to multiple enabled standards.
- enableDefault BooleanStandards 
- Whether to enable the security standards that Security Hub has designated as automatically enabled.
- Map<String,String>
- An array of key-value pairs to apply to this resource. - For more information, see Tag . 
- autoEnable booleanControls 
- Whether to automatically enable new controls when they are added to standards that are enabled
- controlFinding stringGenerator 
- This field, used when enabling Security Hub, specifies whether the calling account has consolidated control findings turned on. If the value for this field is set to SECURITY_CONTROL, Security Hub generates a single finding for a control check even when the check applies to multiple enabled standards. If the value for this field is set to STANDARD_CONTROL, Security Hub generates separate findings for a control check when the check applies to multiple enabled standards.
- enableDefault booleanStandards 
- Whether to enable the security standards that Security Hub has designated as automatically enabled.
- {[key: string]: string}
- An array of key-value pairs to apply to this resource. - For more information, see Tag . 
- auto_enable_ boolcontrols 
- Whether to automatically enable new controls when they are added to standards that are enabled
- control_finding_ strgenerator 
- This field, used when enabling Security Hub, specifies whether the calling account has consolidated control findings turned on. If the value for this field is set to SECURITY_CONTROL, Security Hub generates a single finding for a control check even when the check applies to multiple enabled standards. If the value for this field is set to STANDARD_CONTROL, Security Hub generates separate findings for a control check when the check applies to multiple enabled standards.
- enable_default_ boolstandards 
- Whether to enable the security standards that Security Hub has designated as automatically enabled.
- Mapping[str, str]
- An array of key-value pairs to apply to this resource. - For more information, see Tag . 
- autoEnable BooleanControls 
- Whether to automatically enable new controls when they are added to standards that are enabled
- controlFinding StringGenerator 
- This field, used when enabling Security Hub, specifies whether the calling account has consolidated control findings turned on. If the value for this field is set to SECURITY_CONTROL, Security Hub generates a single finding for a control check even when the check applies to multiple enabled standards. If the value for this field is set to STANDARD_CONTROL, Security Hub generates separate findings for a control check when the check applies to multiple enabled standards.
- enableDefault BooleanStandards 
- Whether to enable the security standards that Security Hub has designated as automatically enabled.
- Map<String>
- An array of key-value pairs to apply to this resource. - For more information, see Tag . 
Outputs
All input properties are implicitly available as output properties. Additionally, the Hub resource produces the following output properties:
- Arn string
- An ARN is automatically created for the customer.
- Id string
- The provider-assigned unique ID for this managed resource.
- SubscribedAt string
- The date and time when Security Hub was enabled in the account.
- Arn string
- An ARN is automatically created for the customer.
- Id string
- The provider-assigned unique ID for this managed resource.
- SubscribedAt string
- The date and time when Security Hub was enabled in the account.
- arn String
- An ARN is automatically created for the customer.
- id String
- The provider-assigned unique ID for this managed resource.
- subscribedAt String
- The date and time when Security Hub was enabled in the account.
- arn string
- An ARN is automatically created for the customer.
- id string
- The provider-assigned unique ID for this managed resource.
- subscribedAt string
- The date and time when Security Hub was enabled in the account.
- arn str
- An ARN is automatically created for the customer.
- id str
- The provider-assigned unique ID for this managed resource.
- subscribed_at str
- The date and time when Security Hub was enabled in the account.
- arn String
- An ARN is automatically created for the customer.
- id String
- The provider-assigned unique ID for this managed resource.
- subscribedAt String
- The date and time when Security Hub was enabled in the account.
Package Details
- Repository
- AWS Native pulumi/pulumi-aws-native
- License
- Apache-2.0
We recommend new projects start with resources from the AWS provider.