Skip to content
Alchemy
GitHubXDiscord

SecurityControl

The SecurityControl resource lets you manage AWS SecurityHub SecurityControls for enhancing your cloud security posture.

Minimal Example

Section titled “Minimal Example”

Create a basic SecurityControl with required properties and some optional ones.

import AWS from "alchemy/aws/control";


const securityControl = await AWS.SecurityHub.SecurityControl("basicSecurityControl", {
  Parameters: {
    severity: "HIGH",
    description: "Ensure that MFA is enabled for all IAM users."
  },
  LastUpdateReason: "Initial creation of the security control."
});

Advanced Configuration

Section titled “Advanced Configuration”

Configure a SecurityControl with additional parameters and adopt existing resources.

const advancedSecurityControl = await AWS.SecurityHub.SecurityControl("advancedSecurityControl", {
  SecurityControlId: "mfa-enabled-control",
  Parameters: {
    severity: "CRITICAL",
    description: "This control ensures that MFA is enabled for all IAM users.",
    remediation: {
      instructions: "Enable MFA for all IAM users in your AWS account."
    }
  },
  LastUpdateReason: "Updated to include remediation instructions.",
  adopt: true
});

Custom Control with Specific Parameters

Section titled “Custom Control with Specific Parameters”

Demonstrate creating a SecurityControl that includes custom parameters for a specific compliance requirement.

const complianceSecurityControl = await AWS.SecurityHub.SecurityControl("complianceSecurityControl", {
  SecurityControlId: "compliance-1234",
  Parameters: {
    complianceStandard: "CIS AWS Foundations Benchmark",
    checks: [
      {
        id: "check-1",
        description: "Check for IAM password policy compliance."
      },
      {
        id: "check-2",
        description: "Ensure CloudTrail is enabled in all regions."
      }
    ]
  },
  LastUpdateReason: "Initial creation for compliance checks."
});