OrganizationConfiguration

Indicates whether the organization uses local or central configuration.

If you use local configuration, the Security Hub delegated administrator can set AutoEnable to true and AutoEnableStandards to DEFAULT. This automatically enables Security Hub and default security standards in new organization accounts. These new account settings must be set separately in each AWS Region, and settings may be different in each Region.

If you use central configuration, the delegated administrator can create configuration policies. Configuration policies can be used to configure Security Hub, security standards, and security controls in multiple accounts and Regions. If you want new organization accounts to use a specific configuration, you can create a configuration policy and associate it with the root or specific organizational units (OUs). New accounts will inherit the policy from the root or their assigned OU.

Type: String

Valid Values: CENTRAL | LOCAL

Required: No

Describes whether central configuration could be enabled as the ConfigurationType for the organization. If your ConfigurationType is local configuration, then the value of Status is always ENABLED.

Type: String

Valid Values: PENDING | ENABLED | FAILED

Required: No

Provides an explanation if the value of Status is equal to FAILED when ConfigurationType is equal to CENTRAL.

Type: String

Pattern: .*\S.*

Required: No