AWS SecurityHub

2025/03/10 - AWS SecurityHub - 3 updated api methods

Changes  This release adds new StandardsControlsUpdatable field to the StandardsSubscription resource

BatchDisableStandards (updated) Link ¶
Changes (response)
{'StandardsSubscriptions': {'StandardsControlsUpdatable': 'READY_FOR_UPDATES | '
                                                          'NOT_READY_FOR_UPDATES',
                            'StandardsStatusReason': {'StatusReasonCode': {'MAXIMUM_NUMBER_OF_CONFIG_RULES_EXCEEDED'}}}}

Disables the standards specified by the provided StandardsSubscriptionArns.

For more information, see Security Standards section of the Security Hub User Guide.

See also: AWS API Documentation

Request Syntax

client.batch_disable_standards(
    StandardsSubscriptionArns=[
        'string',
    ]
)
type StandardsSubscriptionArns:

list

param StandardsSubscriptionArns:

[REQUIRED]

The ARNs of the standards subscriptions to disable.

  • (string) --

rtype:

dict

returns:

Response Syntax

{
    'StandardsSubscriptions': [
        {
            'StandardsSubscriptionArn': 'string',
            'StandardsArn': 'string',
            'StandardsInput': {
                'string': 'string'
            },
            'StandardsStatus': 'PENDING'|'READY'|'FAILED'|'DELETING'|'INCOMPLETE',
            'StandardsControlsUpdatable': 'READY_FOR_UPDATES'|'NOT_READY_FOR_UPDATES',
            'StandardsStatusReason': {
                'StatusReasonCode': 'NO_AVAILABLE_CONFIGURATION_RECORDER'|'MAXIMUM_NUMBER_OF_CONFIG_RULES_EXCEEDED'|'INTERNAL_ERROR'
            }
        },
    ]
}

Response Structure

  • (dict) --

    • StandardsSubscriptions (list) --

      The details of the standards subscriptions that were disabled.

      • (dict) --

        A resource that represents your subscription to a supported standard.

        • StandardsSubscriptionArn (string) --

          The ARN of a resource that represents your subscription to a supported standard.

        • StandardsArn (string) --

          The ARN of a standard.

        • StandardsInput (dict) --

          A key-value pair of input for the standard.

          • (string) --

            • (string) --

        • StandardsStatus (string) --

          The status of the standard subscription.

          The status values are as follows:

          • PENDING - Standard is in the process of being enabled.

          • READY - Standard is enabled.

          • INCOMPLETE - Standard could not be enabled completely. Some controls may not be available.

          • DELETING - Standard is in the process of being disabled.

          • FAILED - Standard could not be disabled.

        • StandardsControlsUpdatable (string) --

          Indicates whether the controls associated with this standards subscription can be viewed and updated.

          The values are as follows:

          • READY_FOR_UPDATES - Controls associated with this standards subscription can be viewed and updated.

          • NOT_READY_FOR_UPDATES - Controls associated with this standards subscription cannot be retrieved or updated yet. Security Hub is still processing a request to create the controls.

        • StandardsStatusReason (dict) --

          The reason for the current status.

          • StatusReasonCode (string) --

            The reason code that represents the reason for the current status of a standard subscription.

BatchEnableStandards (updated) Link ¶
Changes (response)
{'StandardsSubscriptions': {'StandardsControlsUpdatable': 'READY_FOR_UPDATES | '
                                                          'NOT_READY_FOR_UPDATES',
                            'StandardsStatusReason': {'StatusReasonCode': {'MAXIMUM_NUMBER_OF_CONFIG_RULES_EXCEEDED'}}}}

Enables the standards specified by the provided StandardsArn. To obtain the ARN for a standard, use the DescribeStandards operation.

For more information, see the Security Standards section of the Security Hub User Guide.

See also: AWS API Documentation

Request Syntax

client.batch_enable_standards(
    StandardsSubscriptionRequests=[
        {
            'StandardsArn': 'string',
            'StandardsInput': {
                'string': 'string'
            }
        },
    ]
)
type StandardsSubscriptionRequests:

list

param StandardsSubscriptionRequests:

[REQUIRED]

The list of standards checks to enable.

  • (dict) --

    The standard that you want to enable.

    • StandardsArn (string) -- [REQUIRED]

      The ARN of the standard that you want to enable. To view the list of available standards and their ARNs, use the DescribeStandards operation.

    • StandardsInput (dict) --

      A key-value pair of input for the standard.

      • (string) --

        • (string) --

rtype:

dict

returns:

Response Syntax

{
    'StandardsSubscriptions': [
        {
            'StandardsSubscriptionArn': 'string',
            'StandardsArn': 'string',
            'StandardsInput': {
                'string': 'string'
            },
            'StandardsStatus': 'PENDING'|'READY'|'FAILED'|'DELETING'|'INCOMPLETE',
            'StandardsControlsUpdatable': 'READY_FOR_UPDATES'|'NOT_READY_FOR_UPDATES',
            'StandardsStatusReason': {
                'StatusReasonCode': 'NO_AVAILABLE_CONFIGURATION_RECORDER'|'MAXIMUM_NUMBER_OF_CONFIG_RULES_EXCEEDED'|'INTERNAL_ERROR'
            }
        },
    ]
}

Response Structure

  • (dict) --

    • StandardsSubscriptions (list) --

      The details of the standards subscriptions that were enabled.

      • (dict) --

        A resource that represents your subscription to a supported standard.

        • StandardsSubscriptionArn (string) --

          The ARN of a resource that represents your subscription to a supported standard.

        • StandardsArn (string) --

          The ARN of a standard.

        • StandardsInput (dict) --

          A key-value pair of input for the standard.

          • (string) --

            • (string) --

        • StandardsStatus (string) --

          The status of the standard subscription.

          The status values are as follows:

          • PENDING - Standard is in the process of being enabled.

          • READY - Standard is enabled.

          • INCOMPLETE - Standard could not be enabled completely. Some controls may not be available.

          • DELETING - Standard is in the process of being disabled.

          • FAILED - Standard could not be disabled.

        • StandardsControlsUpdatable (string) --

          Indicates whether the controls associated with this standards subscription can be viewed and updated.

          The values are as follows:

          • READY_FOR_UPDATES - Controls associated with this standards subscription can be viewed and updated.

          • NOT_READY_FOR_UPDATES - Controls associated with this standards subscription cannot be retrieved or updated yet. Security Hub is still processing a request to create the controls.

        • StandardsStatusReason (dict) --

          The reason for the current status.

          • StatusReasonCode (string) --

            The reason code that represents the reason for the current status of a standard subscription.

GetEnabledStandards (updated) Link ¶
Changes (response)
{'StandardsSubscriptions': {'StandardsControlsUpdatable': 'READY_FOR_UPDATES | '
                                                          'NOT_READY_FOR_UPDATES',
                            'StandardsStatusReason': {'StatusReasonCode': {'MAXIMUM_NUMBER_OF_CONFIG_RULES_EXCEEDED'}}}}

Returns a list of the standards that are currently enabled.

See also: AWS API Documentation

Request Syntax

client.get_enabled_standards(
    StandardsSubscriptionArns=[
        'string',
    ],
    NextToken='string',
    MaxResults=123
)
type StandardsSubscriptionArns:

list

param StandardsSubscriptionArns:

The list of the standards subscription ARNs for the standards to retrieve.

  • (string) --

type NextToken:

string

param NextToken:

The token that is required for pagination. On your first call to the GetEnabledStandards operation, set the value of this parameter to NULL.

For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.

type MaxResults:

integer

param MaxResults:

The maximum number of results to return in the response.

rtype:

dict

returns:

Response Syntax

{
    'StandardsSubscriptions': [
        {
            'StandardsSubscriptionArn': 'string',
            'StandardsArn': 'string',
            'StandardsInput': {
                'string': 'string'
            },
            'StandardsStatus': 'PENDING'|'READY'|'FAILED'|'DELETING'|'INCOMPLETE',
            'StandardsControlsUpdatable': 'READY_FOR_UPDATES'|'NOT_READY_FOR_UPDATES',
            'StandardsStatusReason': {
                'StatusReasonCode': 'NO_AVAILABLE_CONFIGURATION_RECORDER'|'MAXIMUM_NUMBER_OF_CONFIG_RULES_EXCEEDED'|'INTERNAL_ERROR'
            }
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • StandardsSubscriptions (list) --

      The list of StandardsSubscriptions objects that include information about the enabled standards.

      • (dict) --

        A resource that represents your subscription to a supported standard.

        • StandardsSubscriptionArn (string) --

          The ARN of a resource that represents your subscription to a supported standard.

        • StandardsArn (string) --

          The ARN of a standard.

        • StandardsInput (dict) --

          A key-value pair of input for the standard.

          • (string) --

            • (string) --

        • StandardsStatus (string) --

          The status of the standard subscription.

          The status values are as follows:

          • PENDING - Standard is in the process of being enabled.

          • READY - Standard is enabled.

          • INCOMPLETE - Standard could not be enabled completely. Some controls may not be available.

          • DELETING - Standard is in the process of being disabled.

          • FAILED - Standard could not be disabled.

        • StandardsControlsUpdatable (string) --

          Indicates whether the controls associated with this standards subscription can be viewed and updated.

          The values are as follows:

          • READY_FOR_UPDATES - Controls associated with this standards subscription can be viewed and updated.

          • NOT_READY_FOR_UPDATES - Controls associated with this standards subscription cannot be retrieved or updated yet. Security Hub is still processing a request to create the controls.

        • StandardsStatusReason (dict) --

          The reason for the current status.

          • StatusReasonCode (string) --

            The reason code that represents the reason for the current status of a standard subscription.

    • NextToken (string) --

      The pagination token to use to request the next page of results.