[ aws . securityhub ]
Enables the standards specified by the provided StandardsArn
. To obtain the ARN for a standard, use the DescribeStandards
operation.
For more information, see the Security Standards section of the Security Hub User Guide .
See also: AWS API Documentation
See ‘aws help’ for descriptions of global parameters.
batch-enable-standards
--standards-subscription-requests <value>
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
--standards-subscription-requests
(list)
The list of standards checks to enable.
(structure)
The standard that you want to enable.
StandardsArn -> (string)
The ARN of the standard that you want to enable. To view the list of available standards and their ARNs, use the
DescribeStandards
operation.StandardsInput -> (map)
A key-value pair of input for the standard.
key -> (string)
value -> (string)
Shorthand Syntax:
StandardsArn=string,StandardsInput={KeyName1=string,KeyName2=string} ...
JSON Syntax:
[
{
"StandardsArn": "string",
"StandardsInput": {"string": "string"
...}
}
...
]
--cli-input-json
| --cli-input-yaml
(string)
Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton
. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml
.
--generate-cli-skeleton
(string)
Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input
, prints a sample input JSON that can be used as an argument for --cli-input-json
. Similarly, if provided yaml-input
it will print a sample input YAML that can be used with --cli-input-yaml
. If provided with the value output
, it validates the command inputs and returns a sample output JSON for that command.
See ‘aws help’ for descriptions of global parameters.
To enable a standard
The following batch-enable-standards
example enables the PCI DSS standard for the requesting account.
aws securityhub batch-enable-standards \
--standards-subscription-requests '{"StandardsArn":"arn:aws:securityhub:us-west-1::standards/pci-dss/v/3.2.1"}'
Output:
{
"StandardsSubscriptions": [
{
"StandardsArn": "arn:aws:securityhub:us-west-1::standards/pci-dss/v/3.2.1",
"StandardsInput": { },
"StandardsStatus": "PENDING",
"StandardsSubscriptionArn": "arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1"
}
]
}
For more information, see Disabling or enabling a security standard in the AWS Security Hub User Guide.
StandardsSubscriptions -> (list)
The details of the standards subscriptions that were enabled.
(structure)
A resource that represents your subscription to a supported standard.
StandardsSubscriptionArn -> (string)
The ARN of a resource that represents your subscription to a supported standard.
StandardsArn -> (string)
The ARN of a standard.
StandardsInput -> (map)
A key-value pair of input for the standard.
key -> (string)
value -> (string)
StandardsStatus -> (string)
The status of the standard subscription.
The status values are as follows:
PENDING
- Standard is in the process of being enabled.
READY
- Standard is enabled.
INCOMPLETE
- Standard could not be enabled completely. Some controls may not be available.
DELETING
- Standard is in the process of being disabled.
FAILED
- Standard could not be disabled.