Service: AWS Security Hub
Short Name:
securityhub
ARN Format:
arn:aws:securityhub:${Region}:${Account}:.+ARN Regex:
^arn:aws:securityhub:.+ReadOnlyAccess
…
AWSConfigRoleAction | Access | Reference | Description |
|---|---|---|---|
| securityhub:GetEnabledStandards | Docs | Grants permission to retrieve a list of the standards that are enabled in Security Hub | |
| securityhub:GetInsights | Docs | Grants permission to retrieve Security Hub insights | |
| securityhub:ListAutomationRules | Docs | Grants permission to retrieve a list of automation rules and their metadata for the calling account from Security Hub | |
| securityhub:ListConfigurationPolicies | Docs | Grants permission to list the summaries of all configuration policies created by the calling account | |
| securityhub:ListConfigurationPolicyAssociations | Docs | Grants permission to retrieve information about all configuration policies associationed with all member accounts and organizational units of the calling account's organization | |
| securityhub:ListEnabledProductsForImport | Docs | Grants permission to retrieve the Security Hub integrated products that are currently enabled | |
| securityhub:ListFindingAggregators | Docs | Grants permission to retrieve a list of finding aggregators, which contain the cross-Region finding aggregation configuration | |
| securityhub:ListInvitations | Docs | Grants permission to retrieve the Security Hub invitations sent to the account | |
| securityhub:ListMembers | Docs | Grants permission to retrieve details about Security Hub member accounts associated with the administrator account | |
| securityhub:ListOrganizationAdminAccounts | Docs | Grants permission to list the Security Hub administrator accounts for your organization | |
| securityhub:ListSecurityControlDefinitions | Docs | Grants permission to retrieve a list of security control definitions, which contain details for security controls in the current region | |
| securityhub:ListStandardsControlAssociations | Docs | Grants permission to list the enablement status of a security control in standards | |
| securityhub:BatchGetAutomationRules | Docs | Grants permission to retrieve a list of details for automation rules from Security Hub based on rule Amazon Resource Names (ARNs) | |
| securityhub:BatchGetConfigurationPolicyAssociations | Docs | Grants permission to retrieve information about configuration policies associated with a specific list of member accounts and organizational units of the calling account's organization | |
| securityhub:BatchGetControlEvaluations | Docs | Grants permission to get the enablement and compliance status of controls, the findings count for controls, and the overall security score for controls on the Security Hub console | |
| securityhub:BatchGetSecurityControls | Docs | Grants permission to get details about specific security controls identified by ID or ARN | |
| securityhub:BatchGetStandardsControlAssociations | Docs | Grants permission to get the enablement status of a batch of security controls in standards | |
| securityhub:DescribeActionTargets | Docs | Grants permission to retrieve a list of custom actions using the API | |
| securityhub:DescribeHub | Docs | Grants permission to retrieve information about the hub resource in your account | |
| securityhub:DescribeOrganizationConfiguration | Docs | Grants permission to describe the organization configuration for Security Hub | |
| securityhub:DescribeProducts | Docs | Grants permission to retrieve information about the available Security Hub product integrations | |
| securityhub:DescribeStandards | Docs | Grants permission to retrieve information about Security Hub standards | |
| securityhub:DescribeStandardsControls | Docs | Grants permission to retrieve information about Security Hub standards controls | |
| securityhub:GetAdhocInsightResults | Docs | Grants permission to retrieve insight results by providing a set of filters instead of an insight ARN | |
| securityhub:GetAdministratorAccount | Docs | Grants permission to retrieve details about the Security Hub administrator account | |
| securityhub:GetConfigurationPolicy | Docs | Grants permission to get a complete overview of one configuration policy created by the calling account | |
| securityhub:GetConfigurationPolicyAssociation | Docs | Grants permission to retrieve information about a configuration policy associated with a member account or organizational unit of the calling account's organization | |
| securityhub:GetControlFindingSummary | Docs | Grants permission to retrieve a security score and counts of finding and control statuses for a security standard | |
| securityhub:GetFindingAggregator | Docs | Grants permission to retrieve details for a finding aggregator, which configures finding aggregation across Regions | |
| securityhub:GetFindingHistory | Docs | Grants permission to retrieve a list of finding history from Security Hub | |
| securityhub:GetFindings | Docs | Grants permission to retrieve a list of findings from Security Hub | |
| securityhub:GetFreeTrialEndDate | Docs | Grants permission to retrieve the end date for an account's free trial of Security Hub | |
| securityhub:GetFreeTrialUsage | Docs | Grants permission to retrieve information about Security Hub usage during the free trial period | |
| securityhub:GetInsightFindingTrend | Docs | Grants permission to retrieve an insight finding trend from Security Hub in order to generate a graph | |
| securityhub:GetInsightResults | Docs | Grants permission to retrieve insight results from Security Hub | |
| securityhub:GetInvitationsCount | Docs | Grants permission to retrieve the count of Security Hub membership invitations sent to the account | |
| securityhub:GetMasterAccount | Docs | Grants permission to retrieve details about the Security Hub master account | |
| securityhub:GetMembers | Docs | Grants permission to retrieve the details of Security Hub member accounts | |
| securityhub:GetSecurityControlDefinition | Docs | Grants permission to get the definition details of a specific security control identified by ID | |
| securityhub:GetUsage | Docs | Grants permission to retrieve information about Security Hub usage by accounts | |
| securityhub:ListControlEvaluationSummaries | Docs | Grants permission to retrieve a list of controls for a standard, including the control IDs, statuses and finding counts | |
| securityhub:ListTagsForResource | Docs | Grants permission to list of tags associated with a resource | |
| securityhub:SendFindingEvents | Docs | Grants permission to use a custom action to send Security Hub findings to Amazon EventBridge | |
| securityhub:SendInsightEvents | Docs | Grants permission to use a custom action to send Security Hub insights to Amazon EventBridge | |
| securityhub:TagResource | Docs | Grants permission to add tags to a Security Hub resource | |
| securityhub:UntagResource | Docs | Grants permission to remove tags from a Security Hub resource | |
| securityhub:AcceptAdministratorInvitation | Docs | Grants permission to accept Security Hub invitations to become a member account | |
| securityhub:AcceptInvitation | Docs | Grants permission to accept Security Hub invitations to become a member account | |
| securityhub:BatchDeleteAutomationRules | Docs | Grants permission to delete one or more automation rules in Security Hub | |
| securityhub:BatchDisableStandards | Docs | Grants permission to disable standards in Security Hub | |
| securityhub:BatchEnableStandards | Docs | Grants permission to enable standards in Security Hub | |
| securityhub:BatchImportFindings | Docs | Grants permission to import findings into Security Hub from an integrated product | |
| securityhub:BatchUpdateAutomationRules | Docs | Grants permission to update one or more automation rules from Security Hub based on rule Amazon Resource Names (ARNs) and input parameters | |
| securityhub:BatchUpdateFindings | Docs | Grants permission to update customer-controlled fields for a selected set of Security Hub findings | |
| securityhub:BatchUpdateStandardsControlAssociations | Docs | Grants permission to update the enablement status of a batch of security controls in standards | |
| securityhub:CreateActionTarget | Docs | Grants permission to create custom actions in Security Hub | |
| securityhub:CreateAutomationRule | Docs | Grants permission to create an automation rule based on input parameters | |
| securityhub:CreateConfigurationPolicy | Docs | Grants permission to create a configuration policy to manage organization member settings in Security Hub | |
| securityhub:CreateFindingAggregator | Docs | Grants permission to create a finding aggregator, which contains the cross-Region finding aggregation configuration | |
| securityhub:CreateInsight | Docs | Grants permission to create insights in Security Hub. Insights are collections of related findings | |
| securityhub:CreateMembers | Docs | Grants permission to create member accounts in Security Hub | |
| securityhub:DeclineInvitations | Docs | Grants permission to decline Security Hub invitations to become a member account | |
| securityhub:DeleteActionTarget | Docs | Grants permission to delete custom actions in Security Hub | |
| securityhub:DeleteConfigurationPolicy | Docs | Grants permission to delete an existing configuration policy | |
| securityhub:DeleteFindingAggregator | Docs | Grants permission to delete a finding aggregator, which disables finding aggregation across Regions | |
| securityhub:DeleteInsight | Docs | Grants permission to delete insights from Security Hub | |
| securityhub:DeleteInvitations | Docs | Grants permission to delete Security Hub invitations to become a member account | |
| securityhub:DeleteMembers | Docs | Grants permission to delete Security Hub member accounts | |
| securityhub:DisableImportFindingsForProduct | Docs | Grants permission to disable the findings importing for a Security Hub integrated product | |
| securityhub:DisableOrganizationAdminAccount | Docs | Grants permission to remove the Security Hub administrator account for your organization | |
| securityhub:DisableSecurityHub | Docs | Grants permission to disable Security Hub | |
| securityhub:DisassociateFromAdministratorAccount | Docs | Grants permission to a Security Hub member account to disassociate from the associated administrator account | |
| securityhub:DisassociateFromMasterAccount | Docs | Grants permission to a Security Hub member account to disassociate from the associated master account | |
| securityhub:DisassociateMembers | Docs | Grants permission to disassociate Security Hub member accounts from the associated administrator account | |
| securityhub:EnableImportFindingsForProduct | Docs | Grants permission to enable the findings importing for a Security Hub integrated product | |
| securityhub:EnableOrganizationAdminAccount | Docs | Grants permission to designate a Security Hub administrator account for your organization | |
| securityhub:EnableSecurityHub | Docs | Grants permission to enable Security Hub | |
| securityhub:InviteMembers | Docs | Grants permission to invite other AWS accounts to become Security Hub member accounts | |
| securityhub:StartConfigurationPolicyAssociation | Docs | Grants permission to associate a configuration policy with a member account or organizational unit in the calling account's organization | |
| securityhub:StartConfigurationPolicyDisassociation | Docs | Grants permission to remove a configuration policy association from a member account or organizational unit in the calling account's organization | |
| securityhub:UpdateActionTarget | Docs | Grants permission to update custom actions in Security Hub | |
| securityhub:UpdateConfigurationPolicy | Docs | Grants permission to update an existing configuration policy | |
| securityhub:UpdateFindingAggregator | Docs | Grants permission to update a finding aggregator, which contains the cross-Region finding aggregation configuration | |
| securityhub:UpdateFindings | Docs | Grants permission to update Security Hub findings | |
| securityhub:UpdateInsight | Docs | Grants permission to update insights in Security Hub | |
| securityhub:UpdateOrganizationConfiguration | Docs | Grants permission to update the organization configuration for Security Hub | |
| securityhub:UpdateSecurityControl | Docs | Grants permission to update properties of a specific security control identified by ID or ARN | |
| securityhub:UpdateSecurityHubConfiguration | Docs | Grants permission to update Security Hub configuration | |
| securityhub:UpdateStandardsControl | Docs | Grants permission to update Security Hub standards controls |
aws:RequestTag/${TagKey}aws:ResourceTag/${TagKey}aws:TagKeyssecurityhub:ASFFSyntaxPath/${ASFFSyntaxPath}securityhub:TargetAccount