AWS::SecurityHub::SecurityControl

SecurityHub SecurityControl

A security control in Security Hub describes a security best practice related to a specific resource.

Properties

4 configurable properties. 1 required. Click a row to see details.

Filter:

Property	Type	Flags
`Parameters`	`Parameters`	Required
`LastUpdateReason`	`string`
`SecurityControlArn`	`string`
`SecurityControlId`	`string`	Create-only

Sample CloudFormation Template

A minimal template with required properties and common optional ones.

template.yaml

AWSTemplateFormatVersion: "2010-09-09"
Description: Sample template for AWS::SecurityHub::SecurityControl

Resources:
  MyResource:
    Type: AWS::SecurityHub::SecurityControl
    Properties:
      Parameters: "value"

Required IAM Permissions

Permissions CloudFormation needs in your IAM role to manage this resource.

create

securityhub:BatchGetSecurityControlssecurityhub:DescribeStandardsControlssecurityhub:UpdateSecurityControlsecurityhub:UpdateStandardsControl

read

securityhub:BatchGetSecurityControlssecurityhub:DescribeStandardsControls

update

securityhub:BatchGetSecurityControlssecurityhub:DescribeStandardsControlssecurityhub:UpdateSecurityControlsecurityhub:UpdateStandardsControl

delete

securityhub:BatchGetSecurityControlssecurityhub:DescribeStandardsControlssecurityhub:UpdateSecurityControlsecurityhub:UpdateStandardsControl

list

securityhub:BatchGetSecurityControlssecurityhub:DescribeStandardsControlssecurityhub:ListSecurityControlDefinitions

Learn AWS the Practical Way

Our bi-weekly newsletter teaches hands-on AWS fundamentals. No certification fluff - just practical knowledge.

Subscribe to Newsletter

Quick Facts

ServiceSecurityHub

Properties4

Required1

TaggingNot supported

Primary IDSecurityControlId

Supported Operations

CreateReadUpdateDeleteList

Immutable After Creation

These properties cannot be changed after the resource is created. Updating them triggers a replacement.

SecurityControlId

Related Resources

External Links

AWS Documentation