finding_aggregators

Creates, updates, deletes or gets a finding_aggregator resource or lists finding_aggregators in a region

Overview

Name	`finding_aggregators`
Type	Resource
Description	The `AWS::SecurityHub::FindingAggregator` resource enables cross-Region aggregation. When cross-Region aggregation is enabled, you can aggregate findings, finding updates, insights, control compliance statuses, and security scores from one or more linked Regions to a single aggregation Region. You can then view and manage all of this data from the aggregation Region. For more details about cross-Region aggregation, see [Cross-Region aggregation](https://docs.aws.amazon.com/securityhub/latest/userguide/finding-aggregation.html) in the User Guide This resource must be created in the Region that you want to designate as your aggregation Region. Cross-Region aggregation is also a prerequisite for using [central configuration](https://docs.aws.amazon.com/securityhub/latest/userguide/central-configuration-intro.html) in ASH.
Id	`aws.securityhub.finding_aggregators`

Fields

Name	Datatype	Description
`finding_aggregator_arn`	`string`
`region_linking_mode`	`string`	Indicates whether to aggregate findings from all of the available Regions in the current partition. Also determines whether to automatically aggregate findings from new Regions as Security Hub supports them and you opt into them. The selected option also determines how to use the Regions provided in the Regions list. The options are as follows: + `ALL_REGIONS` - Aggregates findings from all of the Regions where Security Hub is enabled. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them. + `ALL_REGIONS_EXCEPT_SPECIFIED` - Aggregates findings from all of the Regions where Security Hub is enabled, except for the Regions listed in the `Regions` parameter. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them. + `SPECIFIED_REGIONS` - Aggregates findings only from the Regions listed in the `Regions` parameter. Security Hub does not automatically aggregate findings from new Regions. + `NO_REGIONS` - Aggregates no data because no Regions are selected as linked Regions.
`regions`	`array`	If `RegionLinkingMode` is `ALL_REGIONS_EXCEPT_SPECIFIED`, then this is a space-separated list of Regions that don't replicate and send findings to the home Region. If `RegionLinkingMode` is `SPECIFIED_REGIONS`, then this is a space-separated list of Regions that do replicate and send findings to the home Region. An `InvalidInputException` error results if you populate this field while `RegionLinkingMode` is `NO_REGIONS`.
`finding_aggregation_region`	`string`
`region`	`string`	AWS region.

For more information, see AWS::SecurityHub::FindingAggregator.

Methods

Name	Accessible by	Required Params
`create_resource`	`INSERT`	`RegionLinkingMode, region`
`delete_resource`	`DELETE`	`data__Identifier, region`
`update_resource`	`UPDATE`	`data__Identifier, data__PatchDocument, region`
`list_resources`	`SELECT`	`region`
`get_resource`	`SELECT`	`data__Identifier, region`

`SELECT` examples

Gets all finding_aggregators in a region.

SELECT
region,
finding_aggregator_arn,
region_linking_mode,
regions,
finding_aggregation_region
FROM aws.securityhub.finding_aggregators
WHERE region = 'us-east-1';

Gets all properties from an individual finding_aggregator.

SELECT
region,
finding_aggregator_arn,
region_linking_mode,
regions,
finding_aggregation_region
FROM aws.securityhub.finding_aggregators
WHERE region = 'us-east-1' AND data__Identifier = '<FindingAggregatorArn>';

`INSERT` example

Use the following StackQL query and manifest file to create a new finding_aggregator resource, using stack-deploy.

Required Properties
All Properties
Manifest

/*+ create */
INSERT INTO aws.securityhub.finding_aggregators (
 RegionLinkingMode,
 region
)
SELECT 
'{{ RegionLinkingMode }}',
'{{ region }}';

/*+ create */
INSERT INTO aws.securityhub.finding_aggregators (
 RegionLinkingMode,
 Regions,
 region
)
SELECT 
 '{{ RegionLinkingMode }}',
 '{{ Regions }}',
 '{{ region }}';

version: 1
name: stack name
description: stack description
providers:
  - aws
globals:
  - name: region
    value: '{{ vars.AWS_REGION }}'
resources:
  - name: finding_aggregator
    props:
      - name: RegionLinkingMode
        value: '{{ RegionLinkingMode }}'
      - name: Regions
        value:
          - '{{ Regions[0] }}'

`DELETE` example

/*+ delete */
DELETE FROM aws.securityhub.finding_aggregators
WHERE data__Identifier = '<FindingAggregatorArn>'
AND region = 'us-east-1';

Permissions

To operate on the finding_aggregators resource, the following permissions are required:

Create

securityhub:CreateFindingAggregator

Read

securityhub:GetFindingAggregator

Update

securityhub:UpdateFindingAggregator

Delete

securityhub:DeleteFindingAggregator

List

securityhub:ListFindingAggregators

Overview​

Fields​

Methods​

SELECT examples​

INSERT example​

DELETE example​

Permissions​

Create​

Read​

Update​

Delete​

List​