github.com/pulumi/pulumi-aws/sdk/v6@v6.32.0/go/aws/securityhub/organizationConfiguration.go (about) 1 // Code generated by the Pulumi Terraform Bridge (tfgen) Tool DO NOT EDIT. 2 // *** WARNING: Do not edit by hand unless you're certain you know what you are doing! *** 3 4 package securityhub 5 6 import ( 7 "context" 8 "reflect" 9 10 "errors" 11 "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/internal" 12 "github.com/pulumi/pulumi/sdk/v3/go/pulumi" 13 ) 14 15 // Manages the Security Hub Organization Configuration. 16 // 17 // > **NOTE:** This resource requires an `securityhub.OrganizationAdminAccount` to be configured (not necessarily with Pulumi). More information about managing Security Hub in an organization can be found in the [Managing administrator and member accounts](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-accounts.html) documentation. 18 // 19 // > **NOTE:** In order to set the `configurationType` to `CENTRAL`, the delegated admin must be a member account of the organization and not the management account. Central configuration also requires an `securityhub.FindingAggregator` to be configured. 20 // 21 // > **NOTE:** This is an advanced AWS resource. Pulumi will automatically assume management of the Security Hub Organization Configuration without import and perform no actions on removal from the Pulumi program. 22 // 23 // > **NOTE:** Deleting this resource resets security hub to a local organization configuration with auto enable false. 24 // 25 // ## Example Usage 26 // 27 // ### Local Configuration 28 // 29 // <!--Start PulumiCodeChooser --> 30 // ```go 31 // package main 32 // 33 // import ( 34 // 35 // "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/organizations" 36 // "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/securityhub" 37 // "github.com/pulumi/pulumi/sdk/v3/go/pulumi" 38 // 39 // ) 40 // 41 // func main() { 42 // pulumi.Run(func(ctx *pulumi.Context) error { 43 // example, err := organizations.NewOrganization(ctx, "example", &organizations.OrganizationArgs{ 44 // AwsServiceAccessPrincipals: pulumi.StringArray{ 45 // pulumi.String("securityhub.amazonaws.com"), 46 // }, 47 // FeatureSet: pulumi.String("ALL"), 48 // }) 49 // if err != nil { 50 // return err 51 // } 52 // _, err = securityhub.NewOrganizationAdminAccount(ctx, "example", &securityhub.OrganizationAdminAccountArgs{ 53 // AdminAccountId: pulumi.String("123456789012"), 54 // }, pulumi.DependsOn([]pulumi.Resource{ 55 // example, 56 // })) 57 // if err != nil { 58 // return err 59 // } 60 // _, err = securityhub.NewOrganizationConfiguration(ctx, "example", &securityhub.OrganizationConfigurationArgs{ 61 // AutoEnable: pulumi.Bool(true), 62 // }) 63 // if err != nil { 64 // return err 65 // } 66 // return nil 67 // }) 68 // } 69 // 70 // ``` 71 // <!--End PulumiCodeChooser --> 72 // 73 // ### Central Configuration 74 // 75 // <!--Start PulumiCodeChooser --> 76 // ```go 77 // package main 78 // 79 // import ( 80 // 81 // "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/securityhub" 82 // "github.com/pulumi/pulumi/sdk/v3/go/pulumi" 83 // 84 // ) 85 // 86 // func main() { 87 // pulumi.Run(func(ctx *pulumi.Context) error { 88 // example, err := securityhub.NewOrganizationAdminAccount(ctx, "example", &securityhub.OrganizationAdminAccountArgs{ 89 // AdminAccountId: pulumi.String("123456789012"), 90 // }, pulumi.DependsOn([]pulumi.Resource{ 91 // exampleAwsOrganizationsOrganization, 92 // })) 93 // if err != nil { 94 // return err 95 // } 96 // exampleFindingAggregator, err := securityhub.NewFindingAggregator(ctx, "example", &securityhub.FindingAggregatorArgs{ 97 // LinkingMode: pulumi.String("ALL_REGIONS"), 98 // }, pulumi.DependsOn([]pulumi.Resource{ 99 // example, 100 // })) 101 // if err != nil { 102 // return err 103 // } 104 // _, err = securityhub.NewOrganizationConfiguration(ctx, "example", &securityhub.OrganizationConfigurationArgs{ 105 // AutoEnable: pulumi.Bool(false), 106 // AutoEnableStandards: pulumi.String("NONE"), 107 // OrganizationConfiguration: &securityhub.OrganizationConfigurationOrganizationConfigurationArgs{ 108 // ConfigurationType: pulumi.String("CENTRAL"), 109 // }, 110 // }, pulumi.DependsOn([]pulumi.Resource{ 111 // exampleFindingAggregator, 112 // })) 113 // if err != nil { 114 // return err 115 // } 116 // return nil 117 // }) 118 // } 119 // 120 // ``` 121 // <!--End PulumiCodeChooser --> 122 // 123 // ## Import 124 // 125 // Using `pulumi import`, import an existing Security Hub enabled account using the AWS account ID. For example: 126 // 127 // ```sh 128 // $ pulumi import aws:securityhub/organizationConfiguration:OrganizationConfiguration example 123456789012 129 // ``` 130 type OrganizationConfiguration struct { 131 pulumi.CustomResourceState 132 133 // Whether to automatically enable Security Hub for new accounts in the organization. 134 AutoEnable pulumi.BoolOutput `pulumi:"autoEnable"` 135 // Whether to automatically enable Security Hub default standards for new member accounts in the organization. By default, this parameter is equal to `DEFAULT`, and new member accounts are automatically enabled with default Security Hub standards. To opt out of enabling default standards for new member accounts, set this parameter equal to `NONE`. 136 AutoEnableStandards pulumi.StringOutput `pulumi:"autoEnableStandards"` 137 // Provides information about the way an organization is configured in Security Hub. 138 OrganizationConfiguration OrganizationConfigurationOrganizationConfigurationOutput `pulumi:"organizationConfiguration"` 139 } 140 141 // NewOrganizationConfiguration registers a new resource with the given unique name, arguments, and options. 142 func NewOrganizationConfiguration(ctx *pulumi.Context, 143 name string, args *OrganizationConfigurationArgs, opts ...pulumi.ResourceOption) (*OrganizationConfiguration, error) { 144 if args == nil { 145 return nil, errors.New("missing one or more required arguments") 146 } 147 148 if args.AutoEnable == nil { 149 return nil, errors.New("invalid value for required argument 'AutoEnable'") 150 } 151 opts = internal.PkgResourceDefaultOpts(opts) 152 var resource OrganizationConfiguration 153 err := ctx.RegisterResource("aws:securityhub/organizationConfiguration:OrganizationConfiguration", name, args, &resource, opts...) 154 if err != nil { 155 return nil, err 156 } 157 return &resource, nil 158 } 159 160 // GetOrganizationConfiguration gets an existing OrganizationConfiguration resource's state with the given name, ID, and optional 161 // state properties that are used to uniquely qualify the lookup (nil if not required). 162 func GetOrganizationConfiguration(ctx *pulumi.Context, 163 name string, id pulumi.IDInput, state *OrganizationConfigurationState, opts ...pulumi.ResourceOption) (*OrganizationConfiguration, error) { 164 var resource OrganizationConfiguration 165 err := ctx.ReadResource("aws:securityhub/organizationConfiguration:OrganizationConfiguration", name, id, state, &resource, opts...) 166 if err != nil { 167 return nil, err 168 } 169 return &resource, nil 170 } 171 172 // Input properties used for looking up and filtering OrganizationConfiguration resources. 173 type organizationConfigurationState struct { 174 // Whether to automatically enable Security Hub for new accounts in the organization. 175 AutoEnable *bool `pulumi:"autoEnable"` 176 // Whether to automatically enable Security Hub default standards for new member accounts in the organization. By default, this parameter is equal to `DEFAULT`, and new member accounts are automatically enabled with default Security Hub standards. To opt out of enabling default standards for new member accounts, set this parameter equal to `NONE`. 177 AutoEnableStandards *string `pulumi:"autoEnableStandards"` 178 // Provides information about the way an organization is configured in Security Hub. 179 OrganizationConfiguration *OrganizationConfigurationOrganizationConfiguration `pulumi:"organizationConfiguration"` 180 } 181 182 type OrganizationConfigurationState struct { 183 // Whether to automatically enable Security Hub for new accounts in the organization. 184 AutoEnable pulumi.BoolPtrInput 185 // Whether to automatically enable Security Hub default standards for new member accounts in the organization. By default, this parameter is equal to `DEFAULT`, and new member accounts are automatically enabled with default Security Hub standards. To opt out of enabling default standards for new member accounts, set this parameter equal to `NONE`. 186 AutoEnableStandards pulumi.StringPtrInput 187 // Provides information about the way an organization is configured in Security Hub. 188 OrganizationConfiguration OrganizationConfigurationOrganizationConfigurationPtrInput 189 } 190 191 func (OrganizationConfigurationState) ElementType() reflect.Type { 192 return reflect.TypeOf((*organizationConfigurationState)(nil)).Elem() 193 } 194 195 type organizationConfigurationArgs struct { 196 // Whether to automatically enable Security Hub for new accounts in the organization. 197 AutoEnable bool `pulumi:"autoEnable"` 198 // Whether to automatically enable Security Hub default standards for new member accounts in the organization. By default, this parameter is equal to `DEFAULT`, and new member accounts are automatically enabled with default Security Hub standards. To opt out of enabling default standards for new member accounts, set this parameter equal to `NONE`. 199 AutoEnableStandards *string `pulumi:"autoEnableStandards"` 200 // Provides information about the way an organization is configured in Security Hub. 201 OrganizationConfiguration *OrganizationConfigurationOrganizationConfiguration `pulumi:"organizationConfiguration"` 202 } 203 204 // The set of arguments for constructing a OrganizationConfiguration resource. 205 type OrganizationConfigurationArgs struct { 206 // Whether to automatically enable Security Hub for new accounts in the organization. 207 AutoEnable pulumi.BoolInput 208 // Whether to automatically enable Security Hub default standards for new member accounts in the organization. By default, this parameter is equal to `DEFAULT`, and new member accounts are automatically enabled with default Security Hub standards. To opt out of enabling default standards for new member accounts, set this parameter equal to `NONE`. 209 AutoEnableStandards pulumi.StringPtrInput 210 // Provides information about the way an organization is configured in Security Hub. 211 OrganizationConfiguration OrganizationConfigurationOrganizationConfigurationPtrInput 212 } 213 214 func (OrganizationConfigurationArgs) ElementType() reflect.Type { 215 return reflect.TypeOf((*organizationConfigurationArgs)(nil)).Elem() 216 } 217 218 type OrganizationConfigurationInput interface { 219 pulumi.Input 220 221 ToOrganizationConfigurationOutput() OrganizationConfigurationOutput 222 ToOrganizationConfigurationOutputWithContext(ctx context.Context) OrganizationConfigurationOutput 223 } 224 225 func (*OrganizationConfiguration) ElementType() reflect.Type { 226 return reflect.TypeOf((**OrganizationConfiguration)(nil)).Elem() 227 } 228 229 func (i *OrganizationConfiguration) ToOrganizationConfigurationOutput() OrganizationConfigurationOutput { 230 return i.ToOrganizationConfigurationOutputWithContext(context.Background()) 231 } 232 233 func (i *OrganizationConfiguration) ToOrganizationConfigurationOutputWithContext(ctx context.Context) OrganizationConfigurationOutput { 234 return pulumi.ToOutputWithContext(ctx, i).(OrganizationConfigurationOutput) 235 } 236 237 // OrganizationConfigurationArrayInput is an input type that accepts OrganizationConfigurationArray and OrganizationConfigurationArrayOutput values. 238 // You can construct a concrete instance of `OrganizationConfigurationArrayInput` via: 239 // 240 // OrganizationConfigurationArray{ OrganizationConfigurationArgs{...} } 241 type OrganizationConfigurationArrayInput interface { 242 pulumi.Input 243 244 ToOrganizationConfigurationArrayOutput() OrganizationConfigurationArrayOutput 245 ToOrganizationConfigurationArrayOutputWithContext(context.Context) OrganizationConfigurationArrayOutput 246 } 247 248 type OrganizationConfigurationArray []OrganizationConfigurationInput 249 250 func (OrganizationConfigurationArray) ElementType() reflect.Type { 251 return reflect.TypeOf((*[]*OrganizationConfiguration)(nil)).Elem() 252 } 253 254 func (i OrganizationConfigurationArray) ToOrganizationConfigurationArrayOutput() OrganizationConfigurationArrayOutput { 255 return i.ToOrganizationConfigurationArrayOutputWithContext(context.Background()) 256 } 257 258 func (i OrganizationConfigurationArray) ToOrganizationConfigurationArrayOutputWithContext(ctx context.Context) OrganizationConfigurationArrayOutput { 259 return pulumi.ToOutputWithContext(ctx, i).(OrganizationConfigurationArrayOutput) 260 } 261 262 // OrganizationConfigurationMapInput is an input type that accepts OrganizationConfigurationMap and OrganizationConfigurationMapOutput values. 263 // You can construct a concrete instance of `OrganizationConfigurationMapInput` via: 264 // 265 // OrganizationConfigurationMap{ "key": OrganizationConfigurationArgs{...} } 266 type OrganizationConfigurationMapInput interface { 267 pulumi.Input 268 269 ToOrganizationConfigurationMapOutput() OrganizationConfigurationMapOutput 270 ToOrganizationConfigurationMapOutputWithContext(context.Context) OrganizationConfigurationMapOutput 271 } 272 273 type OrganizationConfigurationMap map[string]OrganizationConfigurationInput 274 275 func (OrganizationConfigurationMap) ElementType() reflect.Type { 276 return reflect.TypeOf((*map[string]*OrganizationConfiguration)(nil)).Elem() 277 } 278 279 func (i OrganizationConfigurationMap) ToOrganizationConfigurationMapOutput() OrganizationConfigurationMapOutput { 280 return i.ToOrganizationConfigurationMapOutputWithContext(context.Background()) 281 } 282 283 func (i OrganizationConfigurationMap) ToOrganizationConfigurationMapOutputWithContext(ctx context.Context) OrganizationConfigurationMapOutput { 284 return pulumi.ToOutputWithContext(ctx, i).(OrganizationConfigurationMapOutput) 285 } 286 287 type OrganizationConfigurationOutput struct{ *pulumi.OutputState } 288 289 func (OrganizationConfigurationOutput) ElementType() reflect.Type { 290 return reflect.TypeOf((**OrganizationConfiguration)(nil)).Elem() 291 } 292 293 func (o OrganizationConfigurationOutput) ToOrganizationConfigurationOutput() OrganizationConfigurationOutput { 294 return o 295 } 296 297 func (o OrganizationConfigurationOutput) ToOrganizationConfigurationOutputWithContext(ctx context.Context) OrganizationConfigurationOutput { 298 return o 299 } 300 301 // Whether to automatically enable Security Hub for new accounts in the organization. 302 func (o OrganizationConfigurationOutput) AutoEnable() pulumi.BoolOutput { 303 return o.ApplyT(func(v *OrganizationConfiguration) pulumi.BoolOutput { return v.AutoEnable }).(pulumi.BoolOutput) 304 } 305 306 // Whether to automatically enable Security Hub default standards for new member accounts in the organization. By default, this parameter is equal to `DEFAULT`, and new member accounts are automatically enabled with default Security Hub standards. To opt out of enabling default standards for new member accounts, set this parameter equal to `NONE`. 307 func (o OrganizationConfigurationOutput) AutoEnableStandards() pulumi.StringOutput { 308 return o.ApplyT(func(v *OrganizationConfiguration) pulumi.StringOutput { return v.AutoEnableStandards }).(pulumi.StringOutput) 309 } 310 311 // Provides information about the way an organization is configured in Security Hub. 312 func (o OrganizationConfigurationOutput) OrganizationConfiguration() OrganizationConfigurationOrganizationConfigurationOutput { 313 return o.ApplyT(func(v *OrganizationConfiguration) OrganizationConfigurationOrganizationConfigurationOutput { 314 return v.OrganizationConfiguration 315 }).(OrganizationConfigurationOrganizationConfigurationOutput) 316 } 317 318 type OrganizationConfigurationArrayOutput struct{ *pulumi.OutputState } 319 320 func (OrganizationConfigurationArrayOutput) ElementType() reflect.Type { 321 return reflect.TypeOf((*[]*OrganizationConfiguration)(nil)).Elem() 322 } 323 324 func (o OrganizationConfigurationArrayOutput) ToOrganizationConfigurationArrayOutput() OrganizationConfigurationArrayOutput { 325 return o 326 } 327 328 func (o OrganizationConfigurationArrayOutput) ToOrganizationConfigurationArrayOutputWithContext(ctx context.Context) OrganizationConfigurationArrayOutput { 329 return o 330 } 331 332 func (o OrganizationConfigurationArrayOutput) Index(i pulumi.IntInput) OrganizationConfigurationOutput { 333 return pulumi.All(o, i).ApplyT(func(vs []interface{}) *OrganizationConfiguration { 334 return vs[0].([]*OrganizationConfiguration)[vs[1].(int)] 335 }).(OrganizationConfigurationOutput) 336 } 337 338 type OrganizationConfigurationMapOutput struct{ *pulumi.OutputState } 339 340 func (OrganizationConfigurationMapOutput) ElementType() reflect.Type { 341 return reflect.TypeOf((*map[string]*OrganizationConfiguration)(nil)).Elem() 342 } 343 344 func (o OrganizationConfigurationMapOutput) ToOrganizationConfigurationMapOutput() OrganizationConfigurationMapOutput { 345 return o 346 } 347 348 func (o OrganizationConfigurationMapOutput) ToOrganizationConfigurationMapOutputWithContext(ctx context.Context) OrganizationConfigurationMapOutput { 349 return o 350 } 351 352 func (o OrganizationConfigurationMapOutput) MapIndex(k pulumi.StringInput) OrganizationConfigurationOutput { 353 return pulumi.All(o, k).ApplyT(func(vs []interface{}) *OrganizationConfiguration { 354 return vs[0].(map[string]*OrganizationConfiguration)[vs[1].(string)] 355 }).(OrganizationConfigurationOutput) 356 } 357 358 func init() { 359 pulumi.RegisterInputType(reflect.TypeOf((*OrganizationConfigurationInput)(nil)).Elem(), &OrganizationConfiguration{}) 360 pulumi.RegisterInputType(reflect.TypeOf((*OrganizationConfigurationArrayInput)(nil)).Elem(), OrganizationConfigurationArray{}) 361 pulumi.RegisterInputType(reflect.TypeOf((*OrganizationConfigurationMapInput)(nil)).Elem(), OrganizationConfigurationMap{}) 362 pulumi.RegisterOutputType(OrganizationConfigurationOutput{}) 363 pulumi.RegisterOutputType(OrganizationConfigurationArrayOutput{}) 364 pulumi.RegisterOutputType(OrganizationConfigurationMapOutput{}) 365 }