hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.

https://registry.terraform.io/providers/hashicorp/aws

Mozilla Public License 2.0

9.8k stars 9.15k forks source link

[Enhancement]: Add SecurityHub CIS3.0 standard #39740

Closed DanielBYosifov closed 1 day ago

DanielBYosifov commented 2 days ago

Description

Hello Team,

Can you please add the CIS 3.0.0 standard in Terraform? Looking into the documentation, it is still not available - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/securityhub_standards_subscription#argument-reference

Affected Resource(s) and/or Data Source(s)

aws_securityhub_standards_subscription

Potential Terraform Configuration

No response

References

https://aws.amazon.com/about-aws/whats-new/2024/05/aws-security-hub-3-0-cis-foundations-benchmark/

Would you like to implement a fix?

None

github-actions[bot] commented 2 days ago

Community Note

Voting for Prioritization

Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
Please see our prioritization guide for information on how we prioritize.
Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

If you are interested in working on this issue, please leave a comment.
If this would be your first contribution, please review the contribution guide.

stefanfreitag commented 1 day ago

Hello @DanielBYosifov, thank you for bringing this to our attention!

I had a look into the AWS provider code and it seems that the resource only expects a valid ARN as input. So the crucial part is to find the right ARN. The AWS CLI offers aws securityhub describe-standards for this, and I got as result below information

standards_arn = "arn:aws:securityhub:eu-central-1::standards/cis-aws-foundations-benchmark/v/3.0.0"

So I think it is more about updating the documentation for the resource to provide details on the name/ ARN of the standard. Let me take care of that.

github-actions[bot] commented 1 day ago

[!WARNING] This issue has been closed, meaning that any additional comments are hard for our team to see. Please assume that the maintainers will not see them.

Ongoing conversations amongst community members are welcome, however, the issue will be locked after 30 days. Moving conversations to another venue, such as the AWS Provider forum, is recommended. If you have additional concerns, please open a new issue, referencing this one where needed.