createConfigurationPolicy
abstract suspend fun createConfigurationPolicy(input: CreateConfigurationPolicyRequest): CreateConfigurationPolicyResponse
Creates a configuration policy with the defined configuration. Only the Security Hub delegated administrator can invoke this operation, and only from the home Region.
Samples
import aws.sdk.kotlin.services.securityhub.model.ParameterConfiguration
import aws.sdk.kotlin.services.securityhub.model.ParameterValue
import aws.sdk.kotlin.services.securityhub.model.ParameterValueType
import aws.sdk.kotlin.services.securityhub.model.Policy
import aws.sdk.kotlin.services.securityhub.model.SecurityControlCustomParameter
import aws.sdk.kotlin.services.securityhub.model.SecurityControlsConfiguration
import aws.sdk.kotlin.services.securityhub.model.SecurityHubPolicy
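/**
 * Sample: creates a Security Hub configuration policy through the request-builder DSL.
 *
 * Declared `suspend` because `createConfigurationPolicy` is a suspend function and cannot be
 * called from a regular (non-suspending) `main`.
 *
 * `securityHubClient` is not defined in this sample. It is assumed to be a client already in
 * scope whose credentials belong to the Security Hub delegated administrator and whose Region is
 * the home Region, since that is the only caller allowed to invoke this operation.
 */
suspend fun main() {
    //sampleStart
    // This operation creates a configuration policy in Security Hub.
    // NOTE(review): creating the policy does not by itself apply it to any account. It takes effect
    // only once it is associated with accounts, OUs or the root (StartConfigurationPolicyAssociation),
    // so review the contents below before that step.
    val resp = securityHubClient.createConfigurationPolicy {
        name = "TestConfigurationPolicy"
        description = "Configuration policy for testing FSBP and CIS"
        configurationPolicy = Policy.SecurityHub(
            SecurityHubPolicy {
                serviceEnabled = true
                // NOTE(review): the first ARN embeds us-east-1 while the second has no Region.
                // Confirm both identifiers are valid for the home Region this client targets.
                enabledStandardIdentifiers = listOf(
                    "arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0",
                    "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0",
                )
                securityControlsConfiguration = SecurityControlsConfiguration {
                    // Controls listed here are switched off wherever the policy is applied, so they
                    // stop producing findings there. CloudWatch.1 is the root-user activity
                    // metric-filter/alarm check (verify against the controls reference). Record
                    // why it is disabled and what compensating monitoring exists before reusing
                    // this outside a test.
                    disabledSecurityControlIdentifiers = listOf(
                        "CloudWatch.1",
                    )
                    securityControlCustomParameters = listOf(
                        SecurityControlCustomParameter {
                            securityControlId = "ACM.1"
                            parameters = mapOf(
                                // CUSTOM overrides the control's default parameter value.
                                // NOTE(review): 14 days presumably gives a shorter warning window
                                // than the default before a certificate is flagged. Confirm that
                                // it still leaves enough lead time to renew.
                                "daysToExpiration" to ParameterConfiguration {
                                    valueType = ParameterValueType.fromValue("CUSTOM")
                                    value = ParameterValue.Integer(14)
                                },
                            )
                        },
                    )
                }
            },
        )
    }
    //sampleEnd
}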