Syntax Properties Return values Examples

AWS::SecurityHub::FindingAggregator

The AWS::SecurityHub::FindingAggregator resource enables cross-Region aggregation. When cross-Region aggregation is enabled, you can aggregate findings, finding updates, insights, control compliance statuses, and security scores from one or more linked Regions to a single aggregation Region. You can then view and manage all of this data from the aggregation Region. For more details about cross-Region aggregation, see Cross-Region aggregation in the AWS Security Hub User Guide

This resource must be created in the Region that you want to designate as your aggregation Region.

Cross-Region aggregation is also a prerequisite for using central configuration in Security Hub.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON


{
  "Type" : "AWS::SecurityHub::FindingAggregator",
  "Properties" : {
      "RegionLinkingMode" : String,
      "Regions" : [ String, ... ]
    }
}

YAML


Type: AWS::SecurityHub::FindingAggregator
Properties:
  RegionLinkingMode: String
  Regions: 
    - String

Properties

RegionLinkingMode

Indicates whether to aggregate findings from all of the available Regions in the current partition. Also determines whether to automatically aggregate findings from new Regions as Security Hub supports them and you opt into them.

The selected option also determines how to use the Regions provided in the Regions list.

The options are as follows:

ALL_REGIONS - Aggregates findings from all of the Regions where Security Hub is enabled. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them.
ALL_REGIONS_EXCEPT_SPECIFIED - Aggregates findings from all of the Regions where Security Hub is enabled, except for the Regions listed in the Regions parameter. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them.
SPECIFIED_REGIONS - Aggregates findings only from the Regions listed in the Regions parameter. Security Hub does not automatically aggregate findings from new Regions.
NO_REGIONS - Aggregates no data because no Regions are selected as linked Regions.

Required: Yes

Type: String

Allowed values: ALL_REGIONS | ALL_REGIONS_EXCEPT_SPECIFIED | SPECIFIED_REGIONS

Update requires: No interruption

Regions

If RegionLinkingMode is ALL_REGIONS_EXCEPT_SPECIFIED, then this is a space-separated list of Regions that don't replicate and send findings to the home Region.

If RegionLinkingMode is SPECIFIED_REGIONS, then this is a space-separated list of Regions that do replicate and send findings to the home Region.

An InvalidInputException error results if you populate this field while RegionLinkingMode is NO_REGIONS.

Required: No

Type: Array of String

Minimum: 1

Maximum: 50

Update requires: No interruption

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the Amazon Resource Name (ARN) of the finding aggregator. For example, arn:aws:securityhub:us-east-1:123456789012:finding-aggregator/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111.

For more information about using the Ref function, see Ref.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

FindingAggregationRegion: The home Region. Findings generated in linked Regions are replicated and sent to the home Region.
FindingAggregatorArn: The ARN of the finding aggregator. You use the finding aggregator ARN to retrieve details for, update, and delete the finding aggregator.

Examples

Configuring Security Hub cross-Region aggregation

The following example configures cross-Region aggregation. The region in which the resource is created is the aggregation Region. In this example, us-east-2 and us-west-1 contribute data to the aggregation Region.

JSON


{
	"Description": "Example template to configure Security Hub cross-Region aggregation",
	"Resources": {
		"SecurityHubFindingAggregator": {
			"Type": "AWS::SecurityHub::FindingAggregator",
			"Properties": {
				"RegionLinkingMode": "SPECIFIED_REGIONS",
				"Regions": ["us-west-1", "us-east-2"]
			}
		}
	}
}

YAML


Description: Example template to configure Security Hub cross-Region aggregation
Resources:
  SecurityHubFindingAggregator:
    Type: 'AWS::SecurityHub::FindingAggregator'
    Properties:
      RegionLinkingMode: 'SPECIFIED_REGIONS'
      Regions:
        - "us-west-1"
        - "us-east-2"

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

AWS::SecurityHub::DelegatedAdmin

AWS::SecurityHub::Hub