SecurityHub / Client / create_configuration_policy
create_configuration_policy#
- SecurityHub.Client.create_configuration_policy(**kwargs)#
Creates a configuration policy with the defined configuration. Only the Security Hub delegated administrator can invoke this operation from the home Region.
See also: AWS API Documentation
Request Syntax
response = client.create_configuration_policy( Name='string', Description='string', ConfigurationPolicy={ 'SecurityHub': { 'ServiceEnabled': True|False, 'EnabledStandardIdentifiers': [ 'string', ], 'SecurityControlsConfiguration': { 'EnabledSecurityControlIdentifiers': [ 'string', ], 'DisabledSecurityControlIdentifiers': [ 'string', ], 'SecurityControlCustomParameters': [ { 'SecurityControlId': 'string', 'Parameters': { 'string': { 'ValueType': 'DEFAULT'|'CUSTOM', 'Value': { 'Integer': 123, 'IntegerList': [ 123, ], 'Double': 123.0, 'String': 'string', 'StringList': [ 'string', ], 'Boolean': True|False, 'Enum': 'string', 'EnumList': [ 'string', ] } } } }, ] } } }, Tags={ 'string': 'string' } )
- Parameters:
Name (string) –
[REQUIRED]
The name of the configuration policy. Alphanumeric characters and the following ASCII characters are permitted:
-, ., !, *, /
.Description (string) – The description of the configuration policy.
ConfigurationPolicy (dict) –
[REQUIRED]
An object that defines how Security Hub is configured. It includes whether Security Hub is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If you provide a list of security controls that are enabled in the configuration policy, Security Hub disables all other controls (including newly released controls). If you provide a list of security controls that are disabled in the configuration policy, Security Hub enables all other controls (including newly released controls).
Note
This is a Tagged Union structure. Only one of the following top level keys can be set:
SecurityHub
.SecurityHub (dict) –
The Amazon Web Servicesservice that the configuration policy applies to.
ServiceEnabled (boolean) –
Indicates whether Security Hub is enabled in the policy.
EnabledStandardIdentifiers (list) –
A list that defines which security standards are enabled in the configuration policy.
(string) –
SecurityControlsConfiguration (dict) –
An object that defines which security controls are enabled in the configuration policy. The enablement status of a control is aligned across all of the enabled standards in an account.
EnabledSecurityControlIdentifiers (list) –
A list of security controls that are enabled in the configuration policy. Security Hub disables all other controls (including newly released controls) other than the listed controls.
(string) –
DisabledSecurityControlIdentifiers (list) –
A list of security controls that are disabled in the configuration policy. Security Hub enables all other controls (including newly released controls) other than the listed controls.
(string) –
SecurityControlCustomParameters (list) –
A list of security controls and control parameter values that are included in a configuration policy.
(dict) –
A list of security controls and control parameter values that are included in a configuration policy.
SecurityControlId (string) –
The ID of the security control.
Parameters (dict) –
An object that specifies parameter values for a control in a configuration policy.
(string) –
(dict) –
An object that provides the current value of a security control parameter and identifies whether it has been customized.
ValueType (string) – [REQUIRED]
Identifies whether a control parameter uses a custom user-defined value or subscribes to the default Security Hub behavior.
When
ValueType
is set equal toDEFAULT
, the default behavior can be a specific Security Hub default value, or the default behavior can be to ignore a specific parameter. WhenValueType
is set equal toDEFAULT
, Security Hub ignores user-provided input for theValue
field.When
ValueType
is set equal toCUSTOM
, theValue
field can’t be empty.Value (dict) –
The current value of a control parameter.
Note
This is a Tagged Union structure. Only one of the following top level keys can be set:
Integer
,IntegerList
,Double
,String
,StringList
,Boolean
,Enum
,EnumList
.Integer (integer) –
A control parameter that is an integer.
IntegerList (list) –
A control parameter that is a list of integers.
(integer) –
Double (float) –
A control parameter that is a double.
String (string) –
A control parameter that is a string.
StringList (list) –
A control parameter that is a list of strings.
(string) –
Boolean (boolean) –
A control parameter that is a boolean.
Enum (string) –
A control parameter that is an enum.
EnumList (list) –
A control parameter that is a list of enums.
(string) –
Tags (dict) –
User-defined tags associated with a configuration policy. For more information, see Tagging Security Hub resources in the Security Hub user guide.
(string) –
(string) –
- Return type:
dict
- Returns:
Response Syntax
{ 'Arn': 'string', 'Id': 'string', 'Name': 'string', 'Description': 'string', 'UpdatedAt': datetime(2015, 1, 1), 'CreatedAt': datetime(2015, 1, 1), 'ConfigurationPolicy': { 'SecurityHub': { 'ServiceEnabled': True|False, 'EnabledStandardIdentifiers': [ 'string', ], 'SecurityControlsConfiguration': { 'EnabledSecurityControlIdentifiers': [ 'string', ], 'DisabledSecurityControlIdentifiers': [ 'string', ], 'SecurityControlCustomParameters': [ { 'SecurityControlId': 'string', 'Parameters': { 'string': { 'ValueType': 'DEFAULT'|'CUSTOM', 'Value': { 'Integer': 123, 'IntegerList': [ 123, ], 'Double': 123.0, 'String': 'string', 'StringList': [ 'string', ], 'Boolean': True|False, 'Enum': 'string', 'EnumList': [ 'string', ] } } } }, ] } } } }
Response Structure
(dict) –
Arn (string) –
The Amazon Resource Name (ARN) of the configuration policy.
Id (string) –
The universally unique identifier (UUID) of the configuration policy.
Name (string) –
The name of the configuration policy.
Description (string) –
The description of the configuration policy.
UpdatedAt (datetime) –
The date and time, in UTC and ISO 8601 format, that the configuration policy was last updated.
CreatedAt (datetime) –
The date and time, in UTC and ISO 8601 format, that the configuration policy was created.
ConfigurationPolicy (dict) –
An object that defines how Security Hub is configured. It includes whether Security Hub is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If the request included a list of security controls that are enabled in the configuration policy, Security Hub disables all other controls (including newly released controls). If the request included a list of security controls that are disabled in the configuration policy, Security Hub enables all other controls (including newly released controls).
Note
This is a Tagged Union structure. Only one of the following top level keys will be set:
SecurityHub
. If a client receives an unknown member it will setSDK_UNKNOWN_MEMBER
as the top level key, which maps to the name or tag of the unknown member. The structure ofSDK_UNKNOWN_MEMBER
is as follows:'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
SecurityHub (dict) –
The Amazon Web Servicesservice that the configuration policy applies to.
ServiceEnabled (boolean) –
Indicates whether Security Hub is enabled in the policy.
EnabledStandardIdentifiers (list) –
A list that defines which security standards are enabled in the configuration policy.
(string) –
SecurityControlsConfiguration (dict) –
An object that defines which security controls are enabled in the configuration policy. The enablement status of a control is aligned across all of the enabled standards in an account.
EnabledSecurityControlIdentifiers (list) –
A list of security controls that are enabled in the configuration policy. Security Hub disables all other controls (including newly released controls) other than the listed controls.
(string) –
DisabledSecurityControlIdentifiers (list) –
A list of security controls that are disabled in the configuration policy. Security Hub enables all other controls (including newly released controls) other than the listed controls.
(string) –
SecurityControlCustomParameters (list) –
A list of security controls and control parameter values that are included in a configuration policy.
(dict) –
A list of security controls and control parameter values that are included in a configuration policy.
SecurityControlId (string) –
The ID of the security control.
Parameters (dict) –
An object that specifies parameter values for a control in a configuration policy.
(string) –
(dict) –
An object that provides the current value of a security control parameter and identifies whether it has been customized.
ValueType (string) –
Identifies whether a control parameter uses a custom user-defined value or subscribes to the default Security Hub behavior.
When
ValueType
is set equal toDEFAULT
, the default behavior can be a specific Security Hub default value, or the default behavior can be to ignore a specific parameter. WhenValueType
is set equal toDEFAULT
, Security Hub ignores user-provided input for theValue
field.When
ValueType
is set equal toCUSTOM
, theValue
field can’t be empty.Value (dict) –
The current value of a control parameter.
Note
This is a Tagged Union structure. Only one of the following top level keys will be set:
Integer
,IntegerList
,Double
,String
,StringList
,Boolean
,Enum
,EnumList
. If a client receives an unknown member it will setSDK_UNKNOWN_MEMBER
as the top level key, which maps to the name or tag of the unknown member. The structure ofSDK_UNKNOWN_MEMBER
is as follows:'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
Integer (integer) –
A control parameter that is an integer.
IntegerList (list) –
A control parameter that is a list of integers.
(integer) –
Double (float) –
A control parameter that is a double.
String (string) –
A control parameter that is a string.
StringList (list) –
A control parameter that is a list of strings.
(string) –
Boolean (boolean) –
A control parameter that is a boolean.
Enum (string) –
A control parameter that is an enum.
EnumList (list) –
A control parameter that is a list of enums.
(string) –
Exceptions
SecurityHub.Client.exceptions.InternalException
SecurityHub.Client.exceptions.InvalidAccessException
SecurityHub.Client.exceptions.InvalidInputException
SecurityHub.Client.exceptions.LimitExceededException
SecurityHub.Client.exceptions.AccessDeniedException
SecurityHub.Client.exceptions.ResourceConflictException