delegated_admins
Creates, updates, deletes or gets a delegated_admin resource or lists delegated_admins in a region
Overview
| Name | delegated_admins |
| Type | Resource |
| Description | The AWS::SecurityHub::DelegatedAdmin resource represents the AWS Security Hub delegated admin account in your organization. One delegated admin resource is allowed to create for the organization in each region in which you configure the AdminAccountId. |
| Id | aws.securityhub.delegated_admins |
Fields
| Name | Datatype | Description |
|---|---|---|
delegated_admin_identifier | string | The identifier of the DelegatedAdmin being created and assigned as the unique identifier |
admin_account_id | string | The Amazon Web Services account identifier of the account to designate as the Security Hub administrator account |
status | string | The current status of the Security Hub administrator account. Indicates whether the account is currently enabled as a Security Hub administrator |
region | string | AWS region. |
Methods
| Name | Accessible by | Required Params |
|---|---|---|
create_resource | INSERT | AdminAccountId, region |
delete_resource | DELETE | data__Identifier, region |
list_resources | SELECT | region |
get_resource | SELECT | data__Identifier, region |
SELECT examples
Gets all delegated_admins in a region.
SELECT
region,
delegated_admin_identifier,
admin_account_id,
status
FROM aws.securityhub.delegated_admins
WHERE region = 'us-east-1';
Gets all properties from an individual delegated_admin.
SELECT
region,
delegated_admin_identifier,
admin_account_id,
status
FROM aws.securityhub.delegated_admins
WHERE region = 'us-east-1' AND data__Identifier = '<DelegatedAdminIdentifier>';
INSERT example
Use the following StackQL query and manifest file to create a new delegated_admin resource, using stack-deploy.
- Required Properties
- All Properties
- Manifest
/*+ create */
INSERT INTO aws.securityhub.delegated_admins (
AdminAccountId,
region
)
SELECT
'{{ AdminAccountId }}',
'{{ region }}';
/*+ create */
INSERT INTO aws.securityhub.delegated_admins (
AdminAccountId,
region
)
SELECT
'{{ AdminAccountId }}',
'{{ region }}';
version: 1
name: stack name
description: stack description
providers:
- aws
globals:
- name: region
value: '{{ vars.AWS_REGION }}'
resources:
- name: delegated_admin
props:
- name: AdminAccountId
value: '{{ AdminAccountId }}'
DELETE example
/*+ delete */
DELETE FROM aws.securityhub.delegated_admins
WHERE data__Identifier = '<DelegatedAdminIdentifier>'
AND region = 'us-east-1';
Permissions
To operate on the delegated_admins resource, the following permissions are required:
Create
securityhub:EnableOrganizationAdminAccount,
organizations:DescribeOrganization,
organizations:EnableAWSServiceAccess,
organizations:RegisterDelegatedAdministrator
Read
securityhub:ListOrganizationAdminAccounts,
organizations:DescribeOrganization
Delete
securityhub:DisableOrganizationAdminAccount,
organizations:DescribeOrganization
List
securityhub:ListOrganizationAdminAccounts,
organizations:DescribeOrganization