AWS Cloud Control v1.26.0, Mar 12 25

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.26.0 published on Wednesday, Mar 12, 2025 by Pulumi

pulumi/pulumi-aws-native

aws-native.securityhub.getConfigurationPolicy

Explore with Pulumi AI

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.26.0 published on Wednesday, Mar 12, 2025 by Pulumi

pulumi/pulumi-aws-native

Using getConfigurationPolicy

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getConfigurationPolicy(args: GetConfigurationPolicyArgs, opts?: InvokeOptions): Promise<GetConfigurationPolicyResult>
function getConfigurationPolicyOutput(args: GetConfigurationPolicyOutputArgs, opts?: InvokeOptions): Output<GetConfigurationPolicyResult>

def get_configuration_policy(arn: Optional[str] = None,
                             opts: Optional[InvokeOptions] = None) -> GetConfigurationPolicyResult
def get_configuration_policy_output(arn: Optional[pulumi.Input[str]] = None,
                             opts: Optional[InvokeOptions] = None) -> Output[GetConfigurationPolicyResult]

func LookupConfigurationPolicy(ctx *Context, args *LookupConfigurationPolicyArgs, opts ...InvokeOption) (*LookupConfigurationPolicyResult, error)
func LookupConfigurationPolicyOutput(ctx *Context, args *LookupConfigurationPolicyOutputArgs, opts ...InvokeOption) LookupConfigurationPolicyResultOutput

> Note: This function is named LookupConfigurationPolicy in the Go SDK.

public static class GetConfigurationPolicy 
{
    public static Task<GetConfigurationPolicyResult> InvokeAsync(GetConfigurationPolicyArgs args, InvokeOptions? opts = null)
    public static Output<GetConfigurationPolicyResult> Invoke(GetConfigurationPolicyInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetConfigurationPolicyResult> getConfigurationPolicy(GetConfigurationPolicyArgs args, InvokeOptions options)
public static Output<GetConfigurationPolicyResult> getConfigurationPolicy(GetConfigurationPolicyArgs args, InvokeOptions options)

fn::invoke:
  function: aws-native:securityhub:getConfigurationPolicy
  arguments:
    # arguments dictionary

The following arguments are supported:

Arn string: The Amazon Resource Name (ARN) of the configuration policy.

Arn string: The Amazon Resource Name (ARN) of the configuration policy.

arn String: The Amazon Resource Name (ARN) of the configuration policy.

arn string: The Amazon Resource Name (ARN) of the configuration policy.

arn str: The Amazon Resource Name (ARN) of the configuration policy.

arn String: The Amazon Resource Name (ARN) of the configuration policy.

getConfigurationPolicy Result

The following output properties are available:

Arn string: The Amazon Resource Name (ARN) of the configuration policy.
ConfigurationPolicyValue Pulumi.AwsNative.SecurityHub.Outputs.ConfigurationPolicyPolicy: An object that defines how AWS Security Hub is configured. It includes whether Security Hub is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If you provide a list of security controls that are enabled in the configuration policy, Security Hub disables all other controls (including newly released controls). If you provide a list of security controls that are disabled in the configuration policy, Security Hub enables all other controls (including newly released controls).
CreatedAt string: The date and time, in UTC and ISO 8601 format.
Description string: The description of the configuration policy.
Id string: The universally unique identifier (UUID) of the configuration policy.
Name string: The name of the configuration policy.
ServiceEnabled bool: Indicates whether the service that the configuration policy applies to is enabled in the policy.
Tags Dictionary<string, string>: User-defined tags associated with a configuration policy. For more information, see Tagging AWS Security Hub resources in the Security Hub user guide .
UpdatedAt string: The date and time, in UTC and ISO 8601 format.

Arn string: The Amazon Resource Name (ARN) of the configuration policy.
ConfigurationPolicy ConfigurationPolicyPolicy: An object that defines how AWS Security Hub is configured. It includes whether Security Hub is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If you provide a list of security controls that are enabled in the configuration policy, Security Hub disables all other controls (including newly released controls). If you provide a list of security controls that are disabled in the configuration policy, Security Hub enables all other controls (including newly released controls).
CreatedAt string: The date and time, in UTC and ISO 8601 format.
Description string: The description of the configuration policy.
Id string: The universally unique identifier (UUID) of the configuration policy.
Name string: The name of the configuration policy.
ServiceEnabled bool: Indicates whether the service that the configuration policy applies to is enabled in the policy.
Tags map[string]string: User-defined tags associated with a configuration policy. For more information, see Tagging AWS Security Hub resources in the Security Hub user guide .
UpdatedAt string: The date and time, in UTC and ISO 8601 format.

arn String: The Amazon Resource Name (ARN) of the configuration policy.
configurationPolicy ConfigurationPolicyPolicy: An object that defines how AWS Security Hub is configured. It includes whether Security Hub is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If you provide a list of security controls that are enabled in the configuration policy, Security Hub disables all other controls (including newly released controls). If you provide a list of security controls that are disabled in the configuration policy, Security Hub enables all other controls (including newly released controls).
createdAt String: The date and time, in UTC and ISO 8601 format.
description String: The description of the configuration policy.
id String: The universally unique identifier (UUID) of the configuration policy.
name String: The name of the configuration policy.
serviceEnabled Boolean: Indicates whether the service that the configuration policy applies to is enabled in the policy.
tags Map<String,String>: User-defined tags associated with a configuration policy. For more information, see Tagging AWS Security Hub resources in the Security Hub user guide .
updatedAt String: The date and time, in UTC and ISO 8601 format.

arn string: The Amazon Resource Name (ARN) of the configuration policy.
configurationPolicy ConfigurationPolicyPolicy: An object that defines how AWS Security Hub is configured. It includes whether Security Hub is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If you provide a list of security controls that are enabled in the configuration policy, Security Hub disables all other controls (including newly released controls). If you provide a list of security controls that are disabled in the configuration policy, Security Hub enables all other controls (including newly released controls).
createdAt string: The date and time, in UTC and ISO 8601 format.
description string: The description of the configuration policy.
id string: The universally unique identifier (UUID) of the configuration policy.
name string: The name of the configuration policy.
serviceEnabled boolean: Indicates whether the service that the configuration policy applies to is enabled in the policy.
tags {[key: string]: string}: User-defined tags associated with a configuration policy. For more information, see Tagging AWS Security Hub resources in the Security Hub user guide .
updatedAt string: The date and time, in UTC and ISO 8601 format.

arn str: The Amazon Resource Name (ARN) of the configuration policy.
configuration_policy ConfigurationPolicyPolicy: An object that defines how AWS Security Hub is configured. It includes whether Security Hub is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If you provide a list of security controls that are enabled in the configuration policy, Security Hub disables all other controls (including newly released controls). If you provide a list of security controls that are disabled in the configuration policy, Security Hub enables all other controls (including newly released controls).
created_at str: The date and time, in UTC and ISO 8601 format.
description str: The description of the configuration policy.
id str: The universally unique identifier (UUID) of the configuration policy.
name str: The name of the configuration policy.
service_enabled bool: Indicates whether the service that the configuration policy applies to is enabled in the policy.
tags Mapping[str, str]: User-defined tags associated with a configuration policy. For more information, see Tagging AWS Security Hub resources in the Security Hub user guide .
updated_at str: The date and time, in UTC and ISO 8601 format.

arn String: The Amazon Resource Name (ARN) of the configuration policy.
configurationPolicy Property Map: An object that defines how AWS Security Hub is configured. It includes whether Security Hub is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If you provide a list of security controls that are enabled in the configuration policy, Security Hub disables all other controls (including newly released controls). If you provide a list of security controls that are disabled in the configuration policy, Security Hub enables all other controls (including newly released controls).
createdAt String: The date and time, in UTC and ISO 8601 format.
description String: The description of the configuration policy.
id String: The universally unique identifier (UUID) of the configuration policy.
name String: The name of the configuration policy.
serviceEnabled Boolean: Indicates whether the service that the configuration policy applies to is enabled in the policy.
tags Map<String>: User-defined tags associated with a configuration policy. For more information, see Tagging AWS Security Hub resources in the Security Hub user guide .
updatedAt String: The date and time, in UTC and ISO 8601 format.

Supporting Types

ConfigurationPolicyParameterConfiguration

ValueType Pulumi.AwsNative.SecurityHub.ConfigurationPolicyParameterConfigurationValueType: Identifies whether a control parameter uses a custom user-defined value or subscribes to the default AWS Security Hub behavior.
Value Pulumi.AwsNative.SecurityHub.Inputs.ConfigurationPolicyParameterValue

ValueType ConfigurationPolicyParameterConfigurationValueType: Identifies whether a control parameter uses a custom user-defined value or subscribes to the default AWS Security Hub behavior.
Value ConfigurationPolicyParameterValue

valueType ConfigurationPolicyParameterConfigurationValueType: Identifies whether a control parameter uses a custom user-defined value or subscribes to the default AWS Security Hub behavior.
value ConfigurationPolicyParameterValue

valueType ConfigurationPolicyParameterConfigurationValueType: Identifies whether a control parameter uses a custom user-defined value or subscribes to the default AWS Security Hub behavior.
value ConfigurationPolicyParameterValue

value_type ConfigurationPolicyParameterConfigurationValueType: Identifies whether a control parameter uses a custom user-defined value or subscribes to the default AWS Security Hub behavior.
value ConfigurationPolicyParameterValue

valueType "DEFAULT" | "CUSTOM": Identifies whether a control parameter uses a custom user-defined value or subscribes to the default AWS Security Hub behavior.
value Property Map

ConfigurationPolicyParameterConfigurationValueType

ConfigurationPolicyParameterValue

Boolean bool: A control parameter that is a boolean.
Double double: A control parameter that is a double.
Enum string: A control parameter that is an enum.
EnumList List<string>: A control parameter that is a list of enums.
Integer int: A control parameter that is an integer.
IntegerList List<int>: A control parameter that is a list of integers.
String string: A control parameter that is a string.
StringList List<string>: A control parameter that is a list of strings.

Boolean bool: A control parameter that is a boolean.
Double float64: A control parameter that is a double.
Enum string: A control parameter that is an enum.
EnumList []string: A control parameter that is a list of enums.
Integer int: A control parameter that is an integer.
IntegerList []int: A control parameter that is a list of integers.
String string: A control parameter that is a string.
StringList []string: A control parameter that is a list of strings.

boolean_ Boolean: A control parameter that is a boolean.
double_ Double: A control parameter that is a double.
enumList List<String>: A control parameter that is a list of enums.
enum_ String: A control parameter that is an enum.
integer Integer: A control parameter that is an integer.
integerList List<Integer>: A control parameter that is a list of integers.
string String: A control parameter that is a string.
stringList List<String>: A control parameter that is a list of strings.

boolean boolean: A control parameter that is a boolean.
double number: A control parameter that is a double.
enum string: A control parameter that is an enum.
enumList string[]: A control parameter that is a list of enums.
integer number: A control parameter that is an integer.
integerList number[]: A control parameter that is a list of integers.
string string: A control parameter that is a string.
stringList string[]: A control parameter that is a list of strings.

boolean bool: A control parameter that is a boolean.
double float: A control parameter that is a double.
enum str: A control parameter that is an enum.
enum_list Sequence[str]: A control parameter that is a list of enums.
integer int: A control parameter that is an integer.
integer_list Sequence[int]: A control parameter that is a list of integers.
string str: A control parameter that is a string.
string_list Sequence[str]: A control parameter that is a list of strings.

boolean Boolean: A control parameter that is a boolean.
double Number: A control parameter that is a double.
enum String: A control parameter that is an enum.
enumList List<String>: A control parameter that is a list of enums.
integer Number: A control parameter that is an integer.
integerList List<Number>: A control parameter that is a list of integers.
string String: A control parameter that is a string.
stringList List<String>: A control parameter that is a list of strings.

ConfigurationPolicyPolicy

SecurityHub Pulumi.AwsNative.SecurityHub.Inputs.ConfigurationPolicySecurityHubPolicy: The AWS service that the configuration policy applies to.

SecurityHub ConfigurationPolicySecurityHubPolicy: The AWS service that the configuration policy applies to.

securityHub ConfigurationPolicySecurityHubPolicy: The AWS service that the configuration policy applies to.

securityHub ConfigurationPolicySecurityHubPolicy: The AWS service that the configuration policy applies to.

security_hub ConfigurationPolicySecurityHubPolicy: The AWS service that the configuration policy applies to.

securityHub Property Map: The AWS service that the configuration policy applies to.

ConfigurationPolicySecurityControlCustomParameter

Parameters Dictionary<string, Pulumi.AwsNative.SecurityHub.Inputs.ConfigurationPolicyParameterConfiguration>: An object that specifies parameter values for a control in a configuration policy.
SecurityControlId string: The ID of the security control.

Parameters map[string]ConfigurationPolicyParameterConfiguration: An object that specifies parameter values for a control in a configuration policy.
SecurityControlId string: The ID of the security control.

parameters Map<String,ConfigurationPolicyParameterConfiguration>: An object that specifies parameter values for a control in a configuration policy.
securityControlId String: The ID of the security control.

parameters {[key: string]: ConfigurationPolicyParameterConfiguration}: An object that specifies parameter values for a control in a configuration policy.
securityControlId string: The ID of the security control.

parameters Mapping[str, ConfigurationPolicyParameterConfiguration]: An object that specifies parameter values for a control in a configuration policy.
security_control_id str: The ID of the security control.

parameters Map<Property Map>: An object that specifies parameter values for a control in a configuration policy.
securityControlId String: The ID of the security control.

ConfigurationPolicySecurityControlsConfiguration

DisabledSecurityControlIdentifiers List<string>: A list of security controls that are disabled in the configuration policy
EnabledSecurityControlIdentifiers List<string>: A list of security controls that are enabled in the configuration policy.
SecurityControlCustomParameters List<Pulumi.AwsNative.SecurityHub.Inputs.ConfigurationPolicySecurityControlCustomParameter>: A list of security controls and control parameter values that are included in a configuration policy.

DisabledSecurityControlIdentifiers []string: A list of security controls that are disabled in the configuration policy
EnabledSecurityControlIdentifiers []string: A list of security controls that are enabled in the configuration policy.
SecurityControlCustomParameters []ConfigurationPolicySecurityControlCustomParameter: A list of security controls and control parameter values that are included in a configuration policy.

disabledSecurityControlIdentifiers List<String>: A list of security controls that are disabled in the configuration policy
enabledSecurityControlIdentifiers List<String>: A list of security controls that are enabled in the configuration policy.
securityControlCustomParameters List<ConfigurationPolicySecurityControlCustomParameter>: A list of security controls and control parameter values that are included in a configuration policy.

disabledSecurityControlIdentifiers string[]: A list of security controls that are disabled in the configuration policy
enabledSecurityControlIdentifiers string[]: A list of security controls that are enabled in the configuration policy.
securityControlCustomParameters ConfigurationPolicySecurityControlCustomParameter[]: A list of security controls and control parameter values that are included in a configuration policy.

disabled_security_control_identifiers Sequence[str]: A list of security controls that are disabled in the configuration policy
enabled_security_control_identifiers Sequence[str]: A list of security controls that are enabled in the configuration policy.
security_control_custom_parameters Sequence[ConfigurationPolicySecurityControlCustomParameter]: A list of security controls and control parameter values that are included in a configuration policy.

disabledSecurityControlIdentifiers List<String>: A list of security controls that are disabled in the configuration policy
enabledSecurityControlIdentifiers List<String>: A list of security controls that are enabled in the configuration policy.
securityControlCustomParameters List<Property Map>: A list of security controls and control parameter values that are included in a configuration policy.

ConfigurationPolicySecurityHubPolicy

EnabledStandardIdentifiers List<string>

A list that defines which security standards are enabled in the configuration policy.

SecurityControlsConfiguration Pulumi.AwsNative.SecurityHub.Inputs.ConfigurationPolicySecurityControlsConfiguration

An object that defines which security controls are enabled in the configuration policy. The enablement status of a control is aligned across all of the enabled standards in an account.

This property is required only if ServiceEnabled is set to true in your configuration policy.

ServiceEnabled bool

Indicates whether Security Hub is enabled in the policy.

EnabledStandardIdentifiers []string

A list that defines which security standards are enabled in the configuration policy.

SecurityControlsConfiguration ConfigurationPolicySecurityControlsConfiguration

An object that defines which security controls are enabled in the configuration policy. The enablement status of a control is aligned across all of the enabled standards in an account.

This property is required only if ServiceEnabled is set to true in your configuration policy.

ServiceEnabled bool

Indicates whether Security Hub is enabled in the policy.

enabledStandardIdentifiers List<String>

A list that defines which security standards are enabled in the configuration policy.

securityControlsConfiguration ConfigurationPolicySecurityControlsConfiguration

An object that defines which security controls are enabled in the configuration policy. The enablement status of a control is aligned across all of the enabled standards in an account.

This property is required only if ServiceEnabled is set to true in your configuration policy.

serviceEnabled Boolean

Indicates whether Security Hub is enabled in the policy.

enabledStandardIdentifiers string[]

A list that defines which security standards are enabled in the configuration policy.

securityControlsConfiguration ConfigurationPolicySecurityControlsConfiguration

An object that defines which security controls are enabled in the configuration policy. The enablement status of a control is aligned across all of the enabled standards in an account.

This property is required only if ServiceEnabled is set to true in your configuration policy.

serviceEnabled boolean

Indicates whether Security Hub is enabled in the policy.

enabled_standard_identifiers Sequence[str]

A list that defines which security standards are enabled in the configuration policy.

security_controls_configuration ConfigurationPolicySecurityControlsConfiguration

An object that defines which security controls are enabled in the configuration policy. The enablement status of a control is aligned across all of the enabled standards in an account.

This property is required only if ServiceEnabled is set to true in your configuration policy.

service_enabled bool

Indicates whether Security Hub is enabled in the policy.

enabledStandardIdentifiers List<String>

A list that defines which security standards are enabled in the configuration policy.

securityControlsConfiguration Property Map

An object that defines which security controls are enabled in the configuration policy. The enablement status of a control is aligned across all of the enabled standards in an account.

This property is required only if ServiceEnabled is set to true in your configuration policy.

serviceEnabled Boolean

Indicates whether Security Hub is enabled in the policy.

Package Details

Repository: AWS Native pulumi/pulumi-aws-native
License: Apache-2.0

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.26.0 published on Wednesday, Mar 12, 2025 by Pulumi

pulumi/pulumi-aws-native

aws-native.securityhub.getConfigurationPolicy

On this page

On this page

Using getConfigurationPolicy

getConfigurationPolicy Result

Supporting Types

ConfigurationPolicyParameterConfiguration

ConfigurationPolicyParameterConfigurationValueType

ConfigurationPolicyParameterValue

ConfigurationPolicyPolicy

ConfigurationPolicySecurityControlCustomParameter

ConfigurationPolicySecurityControlsConfiguration

ConfigurationPolicySecurityHubPolicy

Package Details

On this page

On this page