Open RanganMahesh opened 7 months ago
Adding more info to this ticket.
The Security Hub distinguishes between standards control and security control. The former denotes the association of a control in the context of a standard, while the latter is the "global" control that can be included in multiple standards.
Since custom parameters are applied globally at the security control level (using the UpdateSecurityControl API), what we need is a new aws_securityhub_security_control resource.
Also note that you can already configure custom control parameters using SHCPs in both local and central configuration - see aws_securityhub_configuration_policy and aws_securityhub_configuration_policy.
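The configuration-policy route mentioned in the comment above, sketched as an added example (not code from the issue or from the provider project). It assumes Security Hub central configuration is already enabled for the organization; the policy name, the region in the standard ARN and the chosen value of 45 days are constructed for illustration, using control ACM.1 and its `daysToExpiration` parameter.

```hcl
# Added example: overrides one control parameter through a Security Hub
# configuration policy (SHCP) instead of aws_securityhub_standards_control.
# Assumption: central configuration is already set up for the organization.
resource "aws_securityhub_configuration_policy" "custom_params" {
  name        = "example-custom-control-parameters" # constructed name
  description = "Overrides the ACM.1 certificate renewal window"

  configuration_policy {
    service_enabled = true

    # Constructed region; substitute the region the policy is managed from.
    enabled_standard_arns = [
      "arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0",
    ]

    security_controls_configuration {
      disabled_control_identifiers = []

      # Parameters are keyed by the global security control ID (ACM.1),
      # not by a per-standard control ARN, so the override applies in
      # every enabled standard that includes the control.
      security_control_custom_parameter {
        security_control_id = "ACM.1"

        parameter {
          name       = "daysToExpiration"
          value_type = "CUSTOM" # "DEFAULT" keeps the AWS-managed value

          int {
            value = 45 # constructed value
          }
        }
      }
    }
  }
}
```

The policy takes effect only once it is associated with an account, OU or the organization root, for example with aws_securityhub_configuration_policy_association.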
Description
AWS has recently released a feature that allows users to modify certain parameters that are used to evaluate the control: Custom control parameters
List of controls which allow customer parameters: Allowed list
The requirement is to update the TF Resource: aws_securityhub_standards_control to support custom control parameters where it is allowed.
Affected Resource(s) and/or Data Source(s)
aws_securityhub_standards_control https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/securityhub_standards_control
Potential Terraform Configuration
References
https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-controls-reference.html
https://docs.aws.amazon.com/securityhub/latest/userguide/custom-control-parameters.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/securityhub_standards_control
Would you like to implement a fix?
None