github.com/pulumi/pulumi-aws/sdk/v6@v6.32.0/go/aws/securityhub/configurationPolicy.go

// Code generated by the Pulumi Terraform Bridge (tfgen) Tool DO NOT EDIT.
// *** WARNING: Do not edit by hand unless you're certain you know what you are doing! ***

package securityhub

import (
	"context"
	"reflect"

	"errors"
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/internal"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// Manages Security Hub configuration policy
//
// > **NOTE:** This resource requires `securityhub.OrganizationConfiguration` to be configured of type `CENTRAL`. More information about Security Hub central configuration and configuration policies can be found in the [How Security Hub configuration policies work](https://docs.aws.amazon.com/securityhub/latest/userguide/configuration-policies-overview.html) documentation.
//
// ## Example Usage
//
// ### Default standards enabled
//
// <!--Start PulumiCodeChooser -->
// ```go
// package main
//
// import (
//
//	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/securityhub"
//	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
//
// )
//
//	func main() {
//		pulumi.Run(func(ctx *pulumi.Context) error {
//			example, err := securityhub.NewFindingAggregator(ctx, "example", &securityhub.FindingAggregatorArgs{
//				LinkingMode: pulumi.String("ALL_REGIONS"),
//			})
//			if err != nil {
//				return err
//			}
//			exampleOrganizationConfiguration, err := securityhub.NewOrganizationConfiguration(ctx, "example", &securityhub.OrganizationConfigurationArgs{
//				AutoEnable:          pulumi.Bool(false),
//				AutoEnableStandards: pulumi.String("NONE"),
//				OrganizationConfiguration: &securityhub.OrganizationConfigurationOrganizationConfigurationArgs{
//					ConfigurationType: pulumi.String("CENTRAL"),
//				},
//			}, pulumi.DependsOn([]pulumi.Resource{
//				example,
//			}))
//			if err != nil {
//				return err
//			}
//			_, err = securityhub.NewConfigurationPolicy(ctx, "example", &securityhub.ConfigurationPolicyArgs{
//				Name:        pulumi.String("Example"),
//				Description: pulumi.String("This is an example configuration policy"),
//				ConfigurationPolicy: &securityhub.ConfigurationPolicyConfigurationPolicyArgs{
//					ServiceEnabled: pulumi.Bool(true),
//					EnabledStandardArns: pulumi.StringArray{
//						pulumi.String("arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0"),
//						pulumi.String("arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0"),
//					},
//					SecurityControlsConfiguration: &securityhub.ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationArgs{
//						DisabledControlIdentifiers: pulumi.StringArray{},
//					},
//				},
//			}, pulumi.DependsOn([]pulumi.Resource{
//				exampleOrganizationConfiguration,
//			}))
//			if err != nil {
//				return err
//			}
//			return nil
//		})
//	}
//
// ```
// <!--End PulumiCodeChooser -->
//
// ### Disabled Policy
//
// <!--Start PulumiCodeChooser -->
// ```go
// package main
//
// import (
//
//	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/securityhub"
//	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
//
// )
//
//	func main() {
//		pulumi.Run(func(ctx *pulumi.Context) error {
//			_, err := securityhub.NewConfigurationPolicy(ctx, "disabled", &securityhub.ConfigurationPolicyArgs{
//				Name:        pulumi.String("Disabled"),
//				Description: pulumi.String("This is an example of disabled configuration policy"),
//				ConfigurationPolicy: &securityhub.ConfigurationPolicyConfigurationPolicyArgs{
//					ServiceEnabled: pulumi.Bool(false),
//				},
//			}, pulumi.DependsOn([]pulumi.Resource{
//				example,
//			}))
//			if err != nil {
//				return err
//			}
//			return nil
//		})
//	}
//
// ```
// <!--End PulumiCodeChooser -->
//
// ### Custom Control Configuration
//
// <!--Start PulumiCodeChooser -->
// ```go
// package main
//
// import (
//
//	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/securityhub"
//	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
//
// )
//
//	func main() {
//		pulumi.Run(func(ctx *pulumi.Context) error {
//			_, err := securityhub.NewConfigurationPolicy(ctx, "disabled", &securityhub.ConfigurationPolicyArgs{
//				Name:        pulumi.String("Custom Controls"),
//				Description: pulumi.String("This is an example of configuration policy with custom control settings"),
//				ConfigurationPolicy: &securityhub.ConfigurationPolicyConfigurationPolicyArgs{
//					ServiceEnabled: pulumi.Bool(true),
//					EnabledStandardArns: pulumi.StringArray{
//						pulumi.String("arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0"),
//						pulumi.String("arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0"),
//					},
//					SecurityControlsConfiguration: &securityhub.ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationArgs{
//						EnabledControlIdentifiers: pulumi.StringArray{
//							pulumi.String("APIGateway.1"),
//							pulumi.String("IAM.7"),
//						},
//						SecurityControlCustomParameters: securityhub.ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterArray{
//							&securityhub.ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterArgs{
//								SecurityControlId: pulumi.String("APIGateway.1"),
//								Parameters: securityhub.ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterArray{
//									&securityhub.ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterArgs{
//										Name:      pulumi.String("loggingLevel"),
//										ValueType: pulumi.String("CUSTOM"),
//										Enum: &securityhub.ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterEnumArgs{
//											Value: pulumi.String("INFO"),
//										},
//									},
//								},
//							},
//							&securityhub.ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterArgs{
//								SecurityControlId: pulumi.String("IAM.7"),
//								Parameters: securityhub.ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterArray{
//									&securityhub.ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterArgs{
//										Name:      pulumi.String("RequireLowercaseCharacters"),
//										ValueType: pulumi.String("CUSTOM"),
//										Bool: &securityhub.ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterBoolArgs{
//											Value: pulumi.Bool(false),
//										},
//									},
//									&securityhub.ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterArgs{
//										Name:      pulumi.String("MaxPasswordAge"),
//										ValueType: pulumi.String("CUSTOM"),
//										Int: &securityhub.ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterIntArgs{
//											Value: pulumi.Int(60),
//										},
//									},
//								},
//							},
//						},
//					},
//				},
//			}, pulumi.DependsOn([]pulumi.Resource{
//				example,
//			}))
//			if err != nil {
//				return err
//			}
//			return nil
//		})
//	}
//
// ```
// <!--End PulumiCodeChooser -->
//
// ## Import
//
// Using `pulumi import`, import an existing Security Hub enabled account using the universally unique identifier (UUID) of the policy. For example:
//
// ```sh
// $ pulumi import aws:securityhub/configurationPolicy:ConfigurationPolicy example "00000000-1111-2222-3333-444444444444"
// ```
type ConfigurationPolicy struct {
	pulumi.CustomResourceState

	Arn pulumi.StringOutput `pulumi:"arn"`
	// Defines how Security Hub is configured. See below.
	ConfigurationPolicy ConfigurationPolicyConfigurationPolicyOutput `pulumi:"configurationPolicy"`
	// The description of the configuration policy.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// The name of the configuration policy.
	Name pulumi.StringOutput `pulumi:"name"`
}

// NewConfigurationPolicy registers a new resource with the given unique name, arguments, and options.
func NewConfigurationPolicy(ctx *pulumi.Context,
	name string, args *ConfigurationPolicyArgs, opts ...pulumi.ResourceOption) (*ConfigurationPolicy, error) {
	if args == nil {
		return nil, errors.New("missing one or more required arguments")
	}

	if args.ConfigurationPolicy == nil {
		return nil, errors.New("invalid value for required argument 'ConfigurationPolicy'")
	}
	opts = internal.PkgResourceDefaultOpts(opts)
	var resource ConfigurationPolicy
	err := ctx.RegisterResource("aws:securityhub/configurationPolicy:ConfigurationPolicy", name, args, &resource, opts...)
	if err != nil {
		return nil, err
	}
	return &resource, nil
}

// GetConfigurationPolicy gets an existing ConfigurationPolicy resource's state with the given name, ID, and optional
// state properties that are used to uniquely qualify the lookup (nil if not required).
func GetConfigurationPolicy(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *ConfigurationPolicyState, opts ...pulumi.ResourceOption) (*ConfigurationPolicy, error) {
	var resource ConfigurationPolicy
	err := ctx.ReadResource("aws:securityhub/configurationPolicy:ConfigurationPolicy", name, id, state, &resource, opts...)
	if err != nil {
		return nil, err
	}
	return &resource, nil
}

// Input properties used for looking up and filtering ConfigurationPolicy resources.
type configurationPolicyState struct {
	Arn *string `pulumi:"arn"`
	// Defines how Security Hub is configured. See below.
	ConfigurationPolicy *ConfigurationPolicyConfigurationPolicy `pulumi:"configurationPolicy"`
	// The description of the configuration policy.
	Description *string `pulumi:"description"`
	// The name of the configuration policy.
	Name *string `pulumi:"name"`
}

type ConfigurationPolicyState struct {
	Arn pulumi.StringPtrInput
	// Defines how Security Hub is configured. See below.
	ConfigurationPolicy ConfigurationPolicyConfigurationPolicyPtrInput
	// The description of the configuration policy.
	Description pulumi.StringPtrInput
	// The name of the configuration policy.
	Name pulumi.StringPtrInput
}

func (ConfigurationPolicyState) ElementType() reflect.Type {
	return reflect.TypeOf((*configurationPolicyState)(nil)).Elem()
}

type configurationPolicyArgs struct {
	// Defines how Security Hub is configured. See below.
	ConfigurationPolicy ConfigurationPolicyConfigurationPolicy `pulumi:"configurationPolicy"`
	// The description of the configuration policy.
	Description *string `pulumi:"description"`
	// The name of the configuration policy.
	Name *string `pulumi:"name"`
}

// The set of arguments for constructing a ConfigurationPolicy resource.
type ConfigurationPolicyArgs struct {
	// Defines how Security Hub is configured. See below.
	ConfigurationPolicy ConfigurationPolicyConfigurationPolicyInput
	// The description of the configuration policy.
	Description pulumi.StringPtrInput
	// The name of the configuration policy.
	Name pulumi.StringPtrInput
}

func (ConfigurationPolicyArgs) ElementType() reflect.Type {
	return reflect.TypeOf((*configurationPolicyArgs)(nil)).Elem()
}

type ConfigurationPolicyInput interface {
	pulumi.Input

	ToConfigurationPolicyOutput() ConfigurationPolicyOutput
	ToConfigurationPolicyOutputWithContext(ctx context.Context) ConfigurationPolicyOutput
}

func (*ConfigurationPolicy) ElementType() reflect.Type {
	return reflect.TypeOf((**ConfigurationPolicy)(nil)).Elem()
}

func (i *ConfigurationPolicy) ToConfigurationPolicyOutput() ConfigurationPolicyOutput {
	return i.ToConfigurationPolicyOutputWithContext(context.Background())
}

func (i *ConfigurationPolicy) ToConfigurationPolicyOutputWithContext(ctx context.Context) ConfigurationPolicyOutput {
	return pulumi.ToOutputWithContext(ctx, i).(ConfigurationPolicyOutput)
}

// ConfigurationPolicyArrayInput is an input type that accepts ConfigurationPolicyArray and ConfigurationPolicyArrayOutput values.
// You can construct a concrete instance of `ConfigurationPolicyArrayInput` via:
//
//	ConfigurationPolicyArray{ ConfigurationPolicyArgs{...} }
type ConfigurationPolicyArrayInput interface {
	pulumi.Input

	ToConfigurationPolicyArrayOutput() ConfigurationPolicyArrayOutput
	ToConfigurationPolicyArrayOutputWithContext(context.Context) ConfigurationPolicyArrayOutput
}

type ConfigurationPolicyArray []ConfigurationPolicyInput

func (ConfigurationPolicyArray) ElementType() reflect.Type {
	return reflect.TypeOf((*[]*ConfigurationPolicy)(nil)).Elem()
}

func (i ConfigurationPolicyArray) ToConfigurationPolicyArrayOutput() ConfigurationPolicyArrayOutput {
	return i.ToConfigurationPolicyArrayOutputWithContext(context.Background())
}

func (i ConfigurationPolicyArray) ToConfigurationPolicyArrayOutputWithContext(ctx context.Context) ConfigurationPolicyArrayOutput {
	return pulumi.ToOutputWithContext(ctx, i).(ConfigurationPolicyArrayOutput)
}

// ConfigurationPolicyMapInput is an input type that accepts ConfigurationPolicyMap and ConfigurationPolicyMapOutput values.
// You can construct a concrete instance of `ConfigurationPolicyMapInput` via:
//
//	ConfigurationPolicyMap{ "key": ConfigurationPolicyArgs{...} }
type ConfigurationPolicyMapInput interface {
	pulumi.Input

	ToConfigurationPolicyMapOutput() ConfigurationPolicyMapOutput
	ToConfigurationPolicyMapOutputWithContext(context.Context) ConfigurationPolicyMapOutput
}

type ConfigurationPolicyMap map[string]ConfigurationPolicyInput

func (ConfigurationPolicyMap) ElementType() reflect.Type {
	return reflect.TypeOf((*map[string]*ConfigurationPolicy)(nil)).Elem()
}

func (i ConfigurationPolicyMap) ToConfigurationPolicyMapOutput() ConfigurationPolicyMapOutput {
	return i.ToConfigurationPolicyMapOutputWithContext(context.Background())
}

func (i ConfigurationPolicyMap) ToConfigurationPolicyMapOutputWithContext(ctx context.Context) ConfigurationPolicyMapOutput {
	return pulumi.ToOutputWithContext(ctx, i).(ConfigurationPolicyMapOutput)
}

type ConfigurationPolicyOutput struct{ *pulumi.OutputState }

func (ConfigurationPolicyOutput) ElementType() reflect.Type {
	return reflect.TypeOf((**ConfigurationPolicy)(nil)).Elem()
}

func (o ConfigurationPolicyOutput) ToConfigurationPolicyOutput() ConfigurationPolicyOutput {
	return o
}

func (o ConfigurationPolicyOutput) ToConfigurationPolicyOutputWithContext(ctx context.Context) ConfigurationPolicyOutput {
	return o
}

func (o ConfigurationPolicyOutput) Arn() pulumi.StringOutput {
	return o.ApplyT(func(v *ConfigurationPolicy) pulumi.StringOutput { return v.Arn }).(pulumi.StringOutput)
}

// Defines how Security Hub is configured. See below.
func (o ConfigurationPolicyOutput) ConfigurationPolicy() ConfigurationPolicyConfigurationPolicyOutput {
	return o.ApplyT(func(v *ConfigurationPolicy) ConfigurationPolicyConfigurationPolicyOutput {
		return v.ConfigurationPolicy
	}).(ConfigurationPolicyConfigurationPolicyOutput)
}

// The description of the configuration policy.
func (o ConfigurationPolicyOutput) Description() pulumi.StringPtrOutput {
	return o.ApplyT(func(v *ConfigurationPolicy) pulumi.StringPtrOutput { return v.Description }).(pulumi.StringPtrOutput)
}

// The name of the configuration policy.
func (o ConfigurationPolicyOutput) Name() pulumi.StringOutput {
	return o.ApplyT(func(v *ConfigurationPolicy) pulumi.StringOutput { return v.Name }).(pulumi.StringOutput)
}

type ConfigurationPolicyArrayOutput struct{ *pulumi.OutputState }

func (ConfigurationPolicyArrayOutput) ElementType() reflect.Type {
	return reflect.TypeOf((*[]*ConfigurationPolicy)(nil)).Elem()
}

func (o ConfigurationPolicyArrayOutput) ToConfigurationPolicyArrayOutput() ConfigurationPolicyArrayOutput {
	return o
}

func (o ConfigurationPolicyArrayOutput) ToConfigurationPolicyArrayOutputWithContext(ctx context.Context) ConfigurationPolicyArrayOutput {
	return o
}

func (o ConfigurationPolicyArrayOutput) Index(i pulumi.IntInput) ConfigurationPolicyOutput {
	return pulumi.All(o, i).ApplyT(func(vs []interface{}) *ConfigurationPolicy {
		return vs[0].([]*ConfigurationPolicy)[vs[1].(int)]
	}).(ConfigurationPolicyOutput)
}

type ConfigurationPolicyMapOutput struct{ *pulumi.OutputState }

func (ConfigurationPolicyMapOutput) ElementType() reflect.Type {
	return reflect.TypeOf((*map[string]*ConfigurationPolicy)(nil)).Elem()
}

func (o ConfigurationPolicyMapOutput) ToConfigurationPolicyMapOutput() ConfigurationPolicyMapOutput {
	return o
}

func (o ConfigurationPolicyMapOutput) ToConfigurationPolicyMapOutputWithContext(ctx context.Context) ConfigurationPolicyMapOutput {
	return o
}

func (o ConfigurationPolicyMapOutput) MapIndex(k pulumi.StringInput) ConfigurationPolicyOutput {
	return pulumi.All(o, k).ApplyT(func(vs []interface{}) *ConfigurationPolicy {
		return vs[0].(map[string]*ConfigurationPolicy)[vs[1].(string)]
	}).(ConfigurationPolicyOutput)
}

func init() {
	pulumi.RegisterInputType(reflect.TypeOf((*ConfigurationPolicyInput)(nil)).Elem(), &ConfigurationPolicy{})
	pulumi.RegisterInputType(reflect.TypeOf((*ConfigurationPolicyArrayInput)(nil)).Elem(), ConfigurationPolicyArray{})
	pulumi.RegisterInputType(reflect.TypeOf((*ConfigurationPolicyMapInput)(nil)).Elem(), ConfigurationPolicyMap{})
	pulumi.RegisterOutputType(ConfigurationPolicyOutput{})
	pulumi.RegisterOutputType(ConfigurationPolicyArrayOutput{})
	pulumi.RegisterOutputType(ConfigurationPolicyMapOutput{})
}