hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

[New Resource]: aws_securityhub_configuration_policy_disassociation #39392

Open jc-2017 opened 1 month ago

jc-2017 commented 1 month ago

Description

A Terraform resource which provides the ability to disassociate a target account, organizational unit, or the root from a specified configuration policy. This would align with the AWS API StartConfigurationPolicyDisassociation.

Requested Resource(s) and/or Data Source(s)

aws_securityhub_configuration_policy_disassociation

Potential Terraform Configuration

resource "aws_securityhub_configuration_policy" "example" {
  name        = "Example"
  description = "This is an example configuration policy"

  configuration_policy {
    service_enabled = true
    enabled_standard_arns = [
      "arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0",
      "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0",
    ]
    security_controls_configuration {
      disabled_control_identifiers = []
    }
  }

}

resource "aws_securityhub_configuration_policy_disassociation" "account_example" {
  target_id = "123456789012"
  policy_id = aws_securityhub_configuration_policy.example.id
}

resource "aws_securityhub_configuration_policy_disassociation" "root_example" {
  target_id = "r-abcd"
  policy_id = aws_securityhub_configuration_policy.example.id
}

resource "aws_securityhub_configuration_policy_disassociation" "ou_example" {
  target_id = "ou-abcd-12345678"
  policy_id = aws_securityhub_configuration_policy.example.id
}

References

AWS StartConfigurationPolicyDisassociation API

Would you like to implement a fix?

None
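Added example, not part of the issue or the provider's own code: one way a provider could map the single `target_id` string proposed above onto the API's `Target` union (`AccountId`, `OrganizationalUnitId` or `RootId`) and flag OU or root targets for review. The helper names, the local `Target` struct and the ID patterns (AWS Organizations ID formats) are assumptions.

```go
package main

import (
	"fmt"
	"regexp"
)

// Target is a local stand-in for the Security Hub API's Target union
// (exactly one field set). It is not the AWS SDK type.
type Target struct {
	AccountID            string
	OrganizationalUnitID string
	RootID               string
}

// ID formats assumed from the AWS Organizations documentation.
var (
	accountRe = regexp.MustCompile(`^[0-9]{12}$`)
	rootRe    = regexp.MustCompile(`^r-[0-9a-z]{4,32}$`)
	ouRe      = regexp.MustCompile(`^ou-[0-9a-z]{4,32}-[0-9a-z]{8,32}$`)
)

// ExpandTarget (hypothetical helper) turns a target_id into the Target
// union and rejects anything that is not an account, OU or root ID.
func ExpandTarget(id string) (Target, error) {
	switch {
	case accountRe.MatchString(id):
		return Target{AccountID: id}, nil
	case rootRe.MatchString(id):
		return Target{RootID: id}, nil
	case ouRe.MatchString(id):
		return Target{OrganizationalUnitID: id}, nil
	}
	return Target{}, fmt.Errorf("target_id %q is not an account, OU or root ID", id)
}

// BroadScope reports whether the target is an OU or the root, where a
// disassociation can change what member accounts inherit.
func (t Target) BroadScope() bool {
	return t.RootID != "" || t.OrganizationalUnitID != ""
}

func main() {
	// The three target_id values from the issue plus one constructed invalid value.
	for _, id := range []string{"123456789012", "r-abcd", "ou-abcd-12345678", "12345"} {
		t, err := ExpandTarget(id)
		fmt.Printf("%-18s broad=%-5v err=%v\n", id, t.BroadScope(), err)
	}
}
```
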
