AWS Security Hub (securityhub)

Additions

Actions

• CreateConnector
  
  • Description:  Grants permission to create a connector based on input parameters
  • Access:  Write
  • Conditions: 

    aws:RequestTag/${TagKey}

    aws:TagKeys

• DeleteConnector
  
  • Description:  Grants permission to delete a connector in Security Hub CSPM
  • Access:  Write
  • Resources: 

    Name: connector

    Required: Yes

• DisableSecurityHubFeatureV2
  
  • Description:  Grants permission to disable a Security Hub V2 feature
  • Access:  Write
  • Resources: 

    Name: hubv2

    Required: Yes

• EnableSecurityHubFeatureV2
  
  • Description:  Grants permission to enable a Security Hub V2 feature
  • Access:  Write
  • Resources: 

    Name: hubv2

    Required: Yes

• GetConnector
  
  • Description:  Grants permission to retrieve details for a connector from Security Hub CSPM based on connector id
  • Access:  Read
  • Resources: 

    Name: connector

    Required: Yes

• ListConnectors
  
  • Description:  Grants permission to retrieve a list of connectors and their metadata for the calling account from Security Hub CSPM
  • Access:  List
• UpdateConnector
  
  • Description:  Grants permission to update a connector in Security Hub CSPM based on connector id and input parameters
  • Access:  Write
  • Resources: 

    Name: connector

    Required: Yes

Resources

• connector
  
  • Arn:  arn:${Partition}:securityhub:${Region}:${Account}:connector/${ConnectorId}
  • Conditions: 

    aws:ResourceTag/${TagKey}

Updates

Actions

• UpdateConnectorV2
  
  Resources
  
  • ＋ connector
• UpdateFindingAggregator
  
  Resources
  
  • ＋ connector