Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

r/aws_securityhub_standards_control_association: new resource #39511

Merged
merged 11 commits into from
Sep 27, 2024
Merged

r/aws_securityhub_standards_control_association: new resource #39511

merged 11 commits into from
Sep 27, 2024

Conversation

kamilturek
Copy link
Collaborator

@kamilturek kamilturek commented Sep 26, 2024
edited
Loading

Description

This PR introduces a new aws_securityhub_standards_control_association resource for enabling/disabling a control in a specific standard. Together with the aws_securityhub_standards_control_associations data source, It can be also used to disable the control in all standards.

Basic usage

resource "aws_securityhub_account" "example" {}

resource "aws_securityhub_standards_subscription" "cis_aws_foundations_benchmark" {
  standards_arn = "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0"
  depends_on    = [aws_securityhub_account.example]
}

resource "aws_standards_control_association" "cis_aws_foundations_benchmark_disable_iam_1" {
  standards_arn       = aws_securityhub_standards_subscription.cis_aws_foundations_benchmark.standards_arn
  security_control_id = "IAM.1"
  association_status  = "DISABLED"
  updated_reason      = "Not needed"
}

Disabling security control in all standards

resource "aws_securityhub_account" "example" {}

data "aws_securityhub_standards_control_associations" "iam_1" {
  security_control_id = "IAM.1"

  depends_on = [aws_securityhub_account.example]
}

resource "aws_securityhub_standards_control_association" "iam_1" {
  for_each = toset(data.aws_securityhub_standards_control_associations.iam_1.standards_control_associations[*].standards_arn)

  standards_arn       = each.key
  security_control_id = data.aws_securityhub_standards_control_associations.iam_1.security_control_id
  association_status  = "DISABLED"
  updated_reason      = "Not needed"
}

Relations

Closes #33406.

References

Output from Acceptance Testing

% make testacc PKG=securityhub ACCTEST_PARALLELISM=1 TESTARGS="-run=TestAccSecurityHub_serial"
make: Verifying source code with gofmt...
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go1.22.7 test ./internal/service/securityhub/... -v -count 1 -parallel 1  -run=TestAccSecurityHub_serial -timeout 360m
=== RUN   TestAccSecurityHub_serial
=== PAUSE TestAccSecurityHub_serial
=== CONT  TestAccSecurityHub_serial
=== RUN   TestAccSecurityHub_serial/StandardsControlAssociation
=== RUN   TestAccSecurityHub_serial/StandardsControlAssociation/basic
=== RUN   TestAccSecurityHub_serial/StandardsControlAssociationsDataSource
=== RUN   TestAccSecurityHub_serial/StandardsControlAssociationsDataSource/basic
--- PASS: TestAccSecurityHub_serial (109.82s)
    --- PASS: TestAccSecurityHub_serial/StandardsControlAssociation (47.27s)
        --- PASS: TestAccSecurityHub_serial/StandardsControlAssociation/basic (47.27s)
    --- PASS: TestAccSecurityHub_serial/StandardsControlAssociationsDataSource (62.55s)
        --- PASS: TestAccSecurityHub_serial/StandardsControlAssociationsDataSource/basic (62.55s)
PASS
ok      github.com/hashicorp/terraform-provider-aws/internal/service/securityhub        115.409s

@github-actions GitHub Actions
Copy link

Community Note

Voting for Prioritization

  • Please vote on this pull request by adding a 👍 reaction to the original post to help the community and maintainers prioritize this pull request.
  • Please see our prioritization guide for information on how we prioritize.
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

For Submitters

  • Review the contribution guide relating to the type of change you are making to ensure all of the necessary steps have been taken.
  • For new resources and data sources, use skaff to generate scaffolding with comments detailing common expectations.
  • Whether or not the branch has been rebased will not impact prioritization, but doing so is always a welcome surprise.

@github-actions github-actions bot added documentation Introduces or discusses updates to documentation. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure. service/securityhub Issues and PRs that pertain to the securityhub service. generators Relates to code generators. needs-triage Waiting for first response or review from a maintainer. external-maintainer Contribution from a trusted external contributor. labels Sep 26, 2024
@kamilturek
Copy link
Collaborator Author

The failed check is not related to the PR.

@kamilturek kamilturek marked this pull request as ready for review September 26, 2024 22:01
@kamilturek kamilturek requested a review from a team as a code owner September 26, 2024 22:01
@ewbankkit ewbankkit added new-resource Introduces a new resource. and removed needs-triage Waiting for first response or review from a maintainer. labels Sep 27, 2024
@ewbankkit ewbankkit self-assigned this Sep 27, 2024
@github-actions github-actions bot added the prioritized Part of the maintainer teams immediate focus. To be addressed within the current quarter. label Sep 27, 2024
ewbankkit
ewbankkit approved these changes Sep 27, 2024
View reviewed changes
Copy link
Contributor

@ewbankkit ewbankkit left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 🚀.

% make testacc TESTARGS='-run=TestAccSecurityHub_serial/StandardsControlAssociation' PKG=securityhub 
make: Verifying source code with gofmt...
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go1.23.1 test ./internal/service/securityhub/... -v -count 1 -parallel 20  -run=TestAccSecurityHub_serial/StandardsControlAssociation -timeout 360m
=== RUN   TestAccSecurityHub_serial
=== PAUSE TestAccSecurityHub_serial
=== CONT  TestAccSecurityHub_serial
=== RUN   TestAccSecurityHub_serial/StandardsControlAssociationsDataSource
=== RUN   TestAccSecurityHub_serial/StandardsControlAssociationsDataSource/basic
=== RUN   TestAccSecurityHub_serial/StandardsControlAssociation
=== RUN   TestAccSecurityHub_serial/StandardsControlAssociation/basic
--- PASS: TestAccSecurityHub_serial (79.08s)
    --- PASS: TestAccSecurityHub_serial/StandardsControlAssociationsDataSource (35.06s)
        --- PASS: TestAccSecurityHub_serial/StandardsControlAssociationsDataSource/basic (35.06s)
    --- PASS: TestAccSecurityHub_serial/StandardsControlAssociation (44.02s)
        --- PASS: TestAccSecurityHub_serial/StandardsControlAssociation/basic (44.02s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/securityhub	84.432s

@ewbankkit
Copy link
Contributor

@kamilturek Thanks for the contribution 🎉 👏.

@ewbankkit ewbankkit merged commit 034169b into hashicorp:main Sep 27, 2024
47 checks passed
@github-actions github-actions bot added this to the v5.70.0 milestone Sep 27, 2024
@kamilturek kamilturek deleted the f-aws-standards-control-associations branch September 28, 2024 22:37
@github-actions github-actions bot removed the prioritized Part of the maintainer teams immediate focus. To be addressed within the current quarter. label Oct 4, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented Oct 4, 2024

This functionality has been released in v5.70.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ewbankkit ewbankkit ewbankkit approved these changes

Assignees

@ewbankkit ewbankkit

Labels
documentation Introduces or discusses updates to documentation. external-maintainer Contribution from a trusted external contributor. generators Relates to code generators. new-resource Introduces a new resource. service/securityhub Issues and PRs that pertain to the securityhub service. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure.
Projects
None yet
Milestone
v5.70.0
Development

Successfully merging this pull request may close these issues.

[Enhancement]: Security Hub - Support enabling and disabling controls in all standards
2 participants
@kamilturek @ewbankkit