AWS::SecurityHub::DelegatedAdmin

SecurityHub DelegatedAdmin

The AWS::SecurityHub::DelegatedAdmin resource designates the delegated AWS Security Hub administrator account for an organization. You must enable the integration between Security Hub and AWS Organizations before you can designate a delegated Security Hub administrator. Only the management account for an organization can designate the delegated Security Hub administrator account. For more information, see [Designating the delegated administrator](https://docs.aws.amazon.com/securityhub/latest/userguide/designate-orgs-admin-account.htm...

Properties

1 configurable property. 1 required.

| Property | Type | Flags |
| --- | --- | --- |
| AdminAccountId | string | Required, Create-only |

Return Values

Values returned after the resource is created. Access these with Fn::GetAtt.

| Attribute | Type | Description |
| --- | --- | --- |
| DelegatedAdminIdentifier | string | - |
| Status | string | - |

Sample CloudFormation Template

A minimal template with required properties and common optional ones.

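template.yaml

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Sample template for AWS::SecurityHub::DelegatedAdmin

# Deploy this stack from the organization's management account.
Resources:
  MyResource:
    Type: AWS::SecurityHub::DelegatedAdmin
    Properties:
      # Placeholder: 12-digit ID of the account to designate as delegated administrator
      AdminAccountId: "123456789012"
```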

Required IAM Permissions

Permissions CloudFormation needs in your IAM role to manage this resource.

create

- securityhub:EnableOrganizationAdminAccount
- organizations:DescribeOrganization
- organizations:EnableAWSServiceAccess
- organizations:RegisterDelegatedAdministrator

read

- securityhub:ListOrganizationAdminAccounts
- organizations:DescribeOrganization

delete

- securityhub:DisableOrganizationAdminAccount
- organizations:DescribeOrganization

list

- securityhub:ListOrganizationAdminAccounts
- organizations:DescribeOrganization

Quick Facts

- Service: SecurityHub
- Properties: 3
- Required: 1
- Tagging: Not supported
- Primary ID: DelegatedAdminIdentifier

Supported Operations

Create, Read, Delete, List

Immutable After Creation

These properties cannot be changed after the resource is created. Updating them triggers a replacement.

AdminAccountId
