Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SecurityHub: Ability to disable specific compliance controls #19437

Closed
jgeurts opened this issue May 19, 2021 · 2 comments
Closed

SecurityHub: Ability to disable specific compliance controls #19437

jgeurts opened this issue May 19, 2021 · 2 comments
Labels
enhancement Requests to existing resources that expand the functionality or scope. service/securityhub Issues and PRs that pertain to the securityhub service.

Comments

@jgeurts
Copy link
Contributor

jgeurts commented May 19, 2021

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Provide a way to disable specific compliance controls from terraform.

New or Affected Resource(s)

  • aws_securityhub_standards_control

Potential Terraform Configuration

resource "aws_securityhub_account" "example" {}

resource "aws_securityhub_standards_subscription" "cis_aws_foundations_benchmark" {
  standards_arn = "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0"
  depends_on    = [aws_securityhub_account.example]
}

resource "aws_securityhub_standards_control" "ensure_iam_password_policy_prevents_password_reuse" {
  arn             = "arn:aws:securityhub:us-east-1:078884324539:control/cis-aws-foundations-benchmark/v/1.2.0/1.10"
  control_status  = "DISABLED"
  disabled_reason = "We handle password policies within Okta" 
  depends_on      = [aws_securityhub_standards_subscription.cis_aws_foundations_benchmark]
}

References
@jgeurts jgeurts added the enhancement Requests to existing resources that expand the functionality or scope. label May 19, 2021
@ghost ghost added the service/securityhub Issues and PRs that pertain to the securityhub service. label May 19, 2021
@github-actions github-actions bot added the needs-triage Waiting for first response or review from a maintainer. label May 19, 2021
@jgeurts jgeurts closed this as completed Jul 13, 2021
@jgeurts
Copy link
Contributor Author

jgeurts commented Jul 13, 2021

Closing as #14714 was merged!

@mrwacky42 mrwacky42 mentioned this issue Aug 3, 2021
Open
@github-actions
Copy link

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 13, 2021
@breathingdust breathingdust removed the needs-triage Waiting for first response or review from a maintainer. label Sep 17, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
enhancement Requests to existing resources that expand the functionality or scope. service/securityhub Issues and PRs that pertain to the securityhub service.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jgeurts @breathingdust