[ aws . securityhub ]

batch-enable-standards

Description

Enables the standards specified by the provided StandardsArn . To obtain the ARN for a standard, use the DescribeStandards operation.

For more information, see the Security Standards section of the Security Hub User Guide .

See also: AWS API Documentation

See ‘aws help’ for descriptions of global parameters.

Synopsis

  batch-enable-standards
--standards-subscription-requests <value>
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]

Options

--standards-subscription-requests (list)

The list of standards checks to enable.

(structure)

The standard that you want to enable.

StandardsArn -> (string)

The ARN of the standard that you want to enable. To view the list of available standards and their ARNs, use the DescribeStandards operation.

StandardsInput -> (map)

A key-value pair of input for the standard.

key -> (string)

value -> (string)

Shorthand Syntax:

StandardsArn=string,StandardsInput={KeyName1=string,KeyName2=string} ...

JSON Syntax:

[
  {
    "StandardsArn": "string",
    "StandardsInput": {"string": "string"
      ...}
  }
  ...
]

--cli-input-json | --cli-input-yaml (string) Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml.

--generate-cli-skeleton (string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. Similarly, if provided yaml-input it will print a sample input YAML that can be used with --cli-input-yaml. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command.

See ‘aws help’ for descriptions of global parameters.

Examples

To enable a standard

The following batch-enable-standards example enables the PCI DSS standard for the requesting account.

aws securityhub batch-enable-standards \
    --standards-subscription-requests '{"StandardsArn":"arn:aws:securityhub:us-west-1::standards/pci-dss/v/3.2.1"}'

Output:

{
    "StandardsSubscriptions": [
        {
            "StandardsArn": "arn:aws:securityhub:us-west-1::standards/pci-dss/v/3.2.1",
            "StandardsInput": { },
            "StandardsStatus": "PENDING",
            "StandardsSubscriptionArn": "arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1"
        }
    ]
}

For more information, see Disabling or enabling a security standard in the AWS Security Hub User Guide.

Output

StandardsSubscriptions -> (list)

The details of the standards subscriptions that were enabled.

(structure)

A resource that represents your subscription to a supported standard.

StandardsSubscriptionArn -> (string)

The ARN of a resource that represents your subscription to a supported standard.

StandardsArn -> (string)

The ARN of a standard.

StandardsInput -> (map)

A key-value pair of input for the standard.

key -> (string)

value -> (string)

StandardsStatus -> (string)

The status of the standard subscription.

The status values are as follows:

  • PENDING - Standard is in the process of being enabled.

  • READY - Standard is enabled.

  • INCOMPLETE - Standard could not be enabled completely. Some controls may not be available.

  • DELETING - Standard is in the process of being disabled.

  • FAILED - Standard could not be disabled.