ConfigurationPolicy
The ConfigurationPolicy resource lets you define and manage AWS Security Hub configuration policies for your AWS environment. These policies are critical for enforcing security best practices and compliance standards.
Minimal Example
Create a basic configuration policy with required properties and a description.
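```ts
import AWS from "alchemy/aws/control";

const basicPolicy = await AWS.SecurityHub.ConfigurationPolicy("basicPolicy", {
  Name: "MySecurityPolicy",
  Description: "This policy enforces security best practices.",
  // A Security Hub configuration policy is not an IAM policy document: it states
  // whether Security Hub is enabled and which standards apply.
  ConfigurationPolicy: {
    SecurityHub: {
      ServiceEnabled: true,
      // Standard ARNs are Region-specific; us-east-1 is a sample value.
      EnabledStandardIdentifiers: [
        "arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0"
      ]
    }
  }
});
```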
Advanced Configuration
This example demonstrates how to create a configuration policy with tags for enhanced resource management.
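```ts
import AWS from "alchemy/aws/control";

const advancedPolicy = await AWS.SecurityHub.ConfigurationPolicy("advancedPolicy", {
  Name: "AdvancedSecurityPolicy",
  Description: "This policy includes tags for better identification.",
  // Security Hub policy block (not an IAM statement list); ARNs use a sample Region.
  ConfigurationPolicy: {
    SecurityHub: {
      ServiceEnabled: true,
      EnabledStandardIdentifiers: [
        "arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0",
        "arn:aws:securityhub:us-east-1::standards/cis-aws-foundations-benchmark/v/1.4.0"
      ]
    }
  },
  // Tags identify the environment and the owning team.
  Tags: {
    Environment: "Production",
    Owner: "SecurityTeam"
  }
});
```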
Using Adopt Flag
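This example sets the adopt flag so that a configuration policy that already exists is adopted and managed instead of causing the deployment to fail.
```ts
import AWS from "alchemy/aws/control";

const adoptPolicy = await AWS.SecurityHub.ConfigurationPolicy("adoptPolicy", {
  Name: "ExistingResourcePolicy",
  Description: "This policy adopts an existing configuration policy if present.",
  // Security Hub policy block (not an IAM statement list); the ARN uses a sample Region.
  ConfigurationPolicy: {
    SecurityHub: {
      ServiceEnabled: true,
      EnabledStandardIdentifiers: [
        "arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0"
      ]
    }
  },
  // Adopt the existing resource rather than failing when it is already present.
  adopt: true
});
```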
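A pre-deployment check for the value passed as the `ConfigurationPolicy` property, as an added example that is not part of Alchemy or the original page. `lintConfigurationPolicy` and `SecurityHubPolicy` are hypothetical names; the expected shape is assumed from the CloudFormation `AWS::SecurityHub::ConfigurationPolicy` schema, and the two cross-field rules are marked as assumptions in the comments.

```typescript
// Added example. Shape assumed from the CloudFormation
// AWS::SecurityHub::ConfigurationPolicy schema; names below are hypothetical.
interface SecurityHubPolicy {
  ServiceEnabled?: boolean;
  EnabledStandardIdentifiers?: string[];
  SecurityControlsConfiguration?: {
    EnabledSecurityControlIdentifiers?: string[];
    DisabledSecurityControlIdentifiers?: string[];
  };
}

// Returns a list of problems; an empty list means the value passed every check.
function lintConfigurationPolicy(policy: unknown): string[] {
  if (typeof policy !== "object" || policy === null) return ["policy must be an object"];
  const problems: string[] = [];
  const p = policy as Record<string, unknown>;
  if ("Version" in p || "Statement" in p) {
    problems.push("IAM-style Version/Statement document, expected a SecurityHub block");
  }
  const hub = p.SecurityHub as SecurityHubPolicy | undefined;
  if (!hub || typeof hub !== "object") return [...problems, "missing SecurityHub block"];
  if (typeof hub.ServiceEnabled !== "boolean") problems.push("ServiceEnabled must be a boolean");
  const standards = hub.EnabledStandardIdentifiers ?? [];
  for (const arn of standards) {
    if (!/^arn:aws[\w-]*:securityhub:/.test(arn)) problems.push(`not a Security Hub ARN: ${arn}`);
  }
  const controls = hub.SecurityControlsConfiguration;
  const enabled = controls?.EnabledSecurityControlIdentifiers ?? [];
  const disabled = controls?.DisabledSecurityControlIdentifiers ?? [];
  // Assumption: a policy lists either enabled or disabled controls, not both.
  if (enabled.length > 0 && disabled.length > 0) {
    problems.push("both enabled and disabled control lists are set");
  }
  // Assumption: a policy that turns Security Hub off carries no standards or controls.
  if (hub.ServiceEnabled === false && (standards.length > 0 || controls !== undefined)) {
    problems.push("ServiceEnabled is false but standards or controls are configured");
  }
  return problems;
}

// Constructed sample input: an IAM policy document passed by mistake.
const iamShaped = {
  Version: "2012-10-17",
  Statement: [{ Effect: "Allow", Action: "securityhub:EnableSecurityHub", Resource: "*" }]
};
console.log(lintConfigurationPolicy(iamShaped));
```

Run the check in CI on each policy object before it reaches the resource call, and fail the build when the returned list is not empty.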