CreateConfigurationPolicy
Creates a configuration policy with the defined configuration. Only the AWS Security Hub delegated administrator can invoke this operation from the home Region.
Request Syntax
POST /configurationPolicy/create HTTP/1.1
Content-type: application/json
{
"ConfigurationPolicy": { ... },
"Description": "string",
"Name": "string",
"Tags": {
"string" : "string"
}
}
URI Request Parameters
The request does not use any URI parameters.
Request Body
The request accepts the following data in JSON format.
- ConfigurationPolicy
-
An object that defines how Security Hub is configured. It includes whether Security Hub is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If you provide a list of security controls that are enabled in the configuration policy, Security Hub disables all other controls (including newly released controls). If you provide a list of security controls that are disabled in the configuration policy, Security Hub enables all other controls (including newly released controls).
Type: Policy object
Note: This object is a Union. Only one member of this object can be specified or returned.
Required: Yes
- Description
-
The description of the configuration policy.
Type: String
Pattern:
.*\S.*
Required: No
- Name
-
The name of the configuration policy. Alphanumeric characters and the following ASCII characters are permitted: -, ., !, *, /.
Type: String
Pattern:
.*\S.*
Required: Yes
- Tags
-
User-defined tags associated with a configuration policy. For more information, see Tagging AWS Security Hub resources in the Security Hub user guide.
Type: String to string map
Map Entries: Maximum number of 50 items.
Key Length Constraints: Minimum length of 1. Maximum length of 128.
Key Pattern:
^(?!aws:)[a-zA-Z+-=._:/]+$
Value Length Constraints: Maximum length of 256.
Required: No
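The following is an added example, not part of the AWS reference: a client-side pre-flight check that tests a request body against the constraints listed in this section before the call is sent. The function name validate_request and the sample body are hypothetical, and applying each pattern to the whole string is an assumption about how the service anchors them.

```python
import re

# Patterns and limits copied from the Request Body section above. Assumption:
# each pattern must match the whole string, hence fullmatch().
NON_BLANK = re.compile(r".*\S.*")
# Inside the class, "+-=" is a range (0x2B-0x3D), so digits and , ; < also match.
TAG_KEY = re.compile(r"^(?!aws:)[a-zA-Z+-=._:/]+$")
MAX_TAGS, MAX_KEY_LEN, MAX_VALUE_LEN = 50, 128, 256


def validate_request(body):
    """Return the documented constraints that `body` violates (empty list if none)."""
    errors = []
    policy = body.get("ConfigurationPolicy")
    if not isinstance(policy, dict) or len(policy) != 1:
        errors.append("ConfigurationPolicy: required union, exactly one member")
    name = body.get("Name")
    if not isinstance(name, str) or not NON_BLANK.fullmatch(name):
        errors.append("Name: required, needs a non-whitespace character")
    desc = body.get("Description")
    if desc is not None and not (isinstance(desc, str) and NON_BLANK.fullmatch(desc)):
        errors.append("Description: needs a non-whitespace character")
    tags = body.get("Tags") or {}
    if len(tags) > MAX_TAGS:
        errors.append(f"Tags: more than {MAX_TAGS} entries")
    for key, value in tags.items():
        if not 1 <= len(key) <= MAX_KEY_LEN:
            errors.append(f"Tags[{key!r}]: key length outside 1-{MAX_KEY_LEN}")
        elif not TAG_KEY.fullmatch(key):
            errors.append(f"Tags[{key!r}]: key does not match the key pattern")
        if len(value) > MAX_VALUE_LEN:
            errors.append(f"Tags[{key!r}]: value longer than {MAX_VALUE_LEN}")
    return errors


if __name__ == "__main__":
    # Constructed sample request body, not taken from the page.
    sample = {
        "ConfigurationPolicy": {"SecurityHub": {"ServiceEnabled": True}},
        "Name": "baseline-prod",
        "Tags": {"aws:owner": "secops", "env1": "prod"},
    }
    for problem in validate_request(sample):
        print(problem)
```

Running the check in a deployment pipeline catches a reserved aws: tag key or a blank Name locally, rather than as an InvalidInputException from the service.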
Response Syntax
HTTP/1.1 200
Content-type: application/json
{
"Arn": "string",
"ConfigurationPolicy": { ... },
"CreatedAt": "string",
"Description": "string",
"Id": "string",
"Name": "string",
"UpdatedAt": "string"
}
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- Arn
-
The Amazon Resource Name (ARN) of the configuration policy.
Type: String
Pattern:
.*\S.*
- ConfigurationPolicy
-
An object that defines how Security Hub is configured. It includes whether Security Hub is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If the request included a list of security controls that are enabled in the configuration policy, Security Hub disables all other controls (including newly released controls). If the request included a list of security controls that are disabled in the configuration policy, Security Hub enables all other controls (including newly released controls).
Type: Policy object
Note: This object is a Union. Only one member of this object can be specified or returned.
- CreatedAt
-
The date and time, in UTC and ISO 8601 format, that the configuration policy was created.
Type: Timestamp
- Description
-
The description of the configuration policy.
Type: String
Pattern:
.*\S.*
- Id
-
The universally unique identifier (UUID) of the configuration policy.
Type: String
Pattern:
.*\S.*
- Name
-
The name of the configuration policy.
Type: String
Pattern:
.*\S.*
- UpdatedAt
-
The date and time, in UTC and ISO 8601 format, that the configuration policy was last updated.
Type: Timestamp
Errors
For information about the errors that are common to all actions, see Common Errors.
- AccessDeniedException
-
You don't have permission to perform the action specified in the request.
HTTP Status Code: 403
- InternalException
-
Internal server error.
HTTP Status Code: 500
- InvalidAccessException
-
The account doesn't have permission to perform this action.
HTTP Status Code: 401
- InvalidInputException
-
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
HTTP Status Code: 400
- LimitExceededException
-
The request was rejected because it attempted to create resources beyond the current AWS account or throttling limits. The error code describes the limit exceeded.
HTTP Status Code: 429
- ResourceConflictException
-
The resource specified in the request conflicts with an existing resource.
HTTP Status Code: 409
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: