From aac9196dfedfb518ef3a309da1c1bca2aa45f4bf Mon Sep 17 00:00:00 2001 From: Laurence Jones Date: Sun, 31 Oct 2021 22:03:19 +0000 Subject: [PATCH 1/6] Added securityhub finding aggregator resource --- internal/provider/provider.go | 1 + .../service/securityhub/finding_aggregator.go | 176 ++++++++++++++++++ .../securityhub/finding_aggregator_test.go | 166 +++++++++++++++++ .../r/securityhub_finding_aggregator.markdown | 76 ++++++++ 4 files changed, 419 insertions(+) create mode 100644 internal/service/securityhub/finding_aggregator.go create mode 100644 internal/service/securityhub/finding_aggregator_test.go create mode 100644 website/docs/r/securityhub_finding_aggregator.markdown diff --git a/internal/provider/provider.go b/internal/provider/provider.go index 7471764fb8f..921b8f9f75e 100644 --- a/internal/provider/provider.go +++ b/internal/provider/provider.go @@ -1519,6 +1519,7 @@ func Provider() *schema.Provider { "aws_securityhub_product_subscription": securityhub.ResourceProductSubscription(), "aws_securityhub_standards_control": securityhub.ResourceStandardsControl(), "aws_securityhub_standards_subscription": securityhub.ResourceStandardsSubscription(), + "aws_securityhub_finding_aggregator": securityhub.ResourceFindingAggregator(), "aws_serverlessapplicationrepository_cloudformation_stack": serverlessapprepo.ResourceCloudFormationStack(), diff --git a/internal/service/securityhub/finding_aggregator.go b/internal/service/securityhub/finding_aggregator.go new file mode 100644 index 00000000000..a8e93810f9b --- /dev/null +++ b/internal/service/securityhub/finding_aggregator.go @@ -0,0 +1,176 @@ +package securityhub + +import ( + "fmt" + "log" + + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/service/securityhub" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" + "github.com/hashicorp/terraform-provider-aws/internal/conns" + "github.com/hashicorp/terraform-provider-aws/internal/flex" +) + +const ( + allRegions = "ALL_REGIONS" + allRegionsExceptSpecified = "ALL_REGIONS_EXCEPT_SPECIFIED" + specifiedRegions = "SPECIFIED_REGIONS" +) + +func ResourceFindingAggregator() *schema.Resource { + return &schema.Resource{ + Create: resourceFindingAggregatorCreate, + Read: resourceFindingAggregatorRead, + Update: resourceFindingAggregatorUpdate, + Delete: resourceFindingAggregatorDelete, + Importer: &schema.ResourceImporter{ + StateContext: schema.ImportStatePassthroughContext, + }, + + Schema: map[string]*schema.Schema{ + "linking_mode": { + Type: schema.TypeString, + Required: true, + ValidateFunc: validation.StringInSlice([]string{ + allRegions, + allRegionsExceptSpecified, + specifiedRegions, + }, false), + }, + "specified_regions": { + Type: schema.TypeSet, + MinItems: 1, + Optional: true, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + }, + } +} + +func resourceFindingAggregatorCreate(d *schema.ResourceData, meta interface{}) error { + conn := meta.(*conns.AWSClient).SecurityHubConn + + linkingMode := d.Get("linking_mode").(string) + + req := &securityhub.CreateFindingAggregatorInput{ + RegionLinkingMode: &linkingMode, + } + + if v, ok := d.GetOk("specified_regions"); ok && (linkingMode == allRegionsExceptSpecified || linkingMode == specifiedRegions) { + req.Regions = flex.ExpandStringSet(v.(*schema.Set)) + } + + log.Printf("[DEBUG] Creating Security Hub finding aggregator") + + resp, err := conn.CreateFindingAggregator(req) + + if err != nil { + return fmt.Errorf("Error creating finding aggregator for Security Hub: %s", err) + } + + d.SetId(aws.StringValue(resp.FindingAggregatorArn)) + + return resourceFindingAggregatorRead(d, meta) +} + +func resourceFindingAggregatorRead(d *schema.ResourceData, meta interface{}) error { + conn := meta.(*conns.AWSClient).SecurityHubConn + + aggregatorArn := d.Id() + + log.Printf("[DEBUG] Reading Security Hub finding aggregator to find %s", aggregatorArn) + + aggregator, err := FindingAggregatorCheckExists(conn, aggregatorArn) + + if err != nil { + return fmt.Errorf("Error reading Security Hub finding aggregator to find %s: %s", aggregatorArn, err) + } + + if aggregator == nil { + log.Printf("[WARN] Security Hub finding aggregator (%s) not found, removing from state", aggregatorArn) + d.SetId("") + return nil + } + + d.Set("linking_mode", aggregator.RegionLinkingMode) + + if len(aggregator.Regions) > 0 { + d.Set("specified_regions", flex.FlattenStringList(aggregator.Regions)) + } + + return nil +} + +func FindingAggregatorCheckExists(conn *securityhub.SecurityHub, findingAggregatorArn string) (*securityhub.GetFindingAggregatorOutput, error) { + input := &securityhub.ListFindingAggregatorsInput{} + + var found *securityhub.GetFindingAggregatorOutput + var err error = nil + + err = conn.ListFindingAggregatorsPages(input, func(page *securityhub.ListFindingAggregatorsOutput, lastPage bool) bool { + for _, aggregator := range page.FindingAggregators { + if aws.StringValue(aggregator.FindingAggregatorArn) == findingAggregatorArn { + getInput := &securityhub.GetFindingAggregatorInput{ + FindingAggregatorArn: &findingAggregatorArn, + } + found, err = conn.GetFindingAggregator(getInput) + return false + } + } + return !lastPage + }) + + if err != nil { + return nil, err + } + + return found, nil +} + +func resourceFindingAggregatorUpdate(d *schema.ResourceData, meta interface{}) error { + conn := meta.(*conns.AWSClient).SecurityHubConn + + aggregatorArn := d.Id() + + linkingMode := d.Get("linking_mode").(string) + + req := &securityhub.UpdateFindingAggregatorInput{ + FindingAggregatorArn: &aggregatorArn, + RegionLinkingMode: &linkingMode, + } + + if v, ok := d.GetOk("specified_regions"); ok && (linkingMode == allRegionsExceptSpecified || linkingMode == specifiedRegions) { + req.Regions = flex.ExpandStringSet(v.(*schema.Set)) + } + + resp, err := conn.UpdateFindingAggregator(req) + + if err != nil { + return fmt.Errorf("Error updating Security Hub finding aggregator (%s): %w", aggregatorArn, err) + } + + d.SetId(aws.StringValue(resp.FindingAggregatorArn)) + + return resourceFindingAggregatorRead(d, meta) +} + +func resourceFindingAggregatorDelete(d *schema.ResourceData, meta interface{}) error { + conn := meta.(*conns.AWSClient).SecurityHubConn + + aggregatorArn := d.Id() + + log.Printf("[DEBUG] Disabling Security Hub finding aggregator %s", aggregatorArn) + + _, err := conn.DeleteFindingAggregator(&securityhub.DeleteFindingAggregatorInput{ + FindingAggregatorArn: &aggregatorArn, + }) + + if err != nil { + return fmt.Errorf("Error disabling Security Hub finding aggregator %s: %s", aggregatorArn, err) + } + + return nil +} diff --git a/internal/service/securityhub/finding_aggregator_test.go b/internal/service/securityhub/finding_aggregator_test.go new file mode 100644 index 00000000000..07d3accbf22 --- /dev/null +++ b/internal/service/securityhub/finding_aggregator_test.go @@ -0,0 +1,166 @@ +package securityhub_test + +import ( + "fmt" + "testing" + + "github.com/aws/aws-sdk-go/service/securityhub" + "github.com/hashicorp/aws-sdk-go-base/tfawserr" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" + "github.com/hashicorp/terraform-provider-aws/internal/acctest" + "github.com/hashicorp/terraform-provider-aws/internal/conns" + tfsecurityhub "github.com/hashicorp/terraform-provider-aws/internal/service/securityhub" +) + +func TestAccFindingAggregator_basic(t *testing.T) { + resourceName := "aws_securityhub_finding_aggregator.test_aggregator" + + resource.Test(t, resource.TestCase{ + PreCheck: func() { acctest.PreCheck(t) }, + ErrorCheck: acctest.ErrorCheck(t, securityhub.EndpointsID), + Providers: acctest.Providers, + CheckDestroy: testAccCheckFindingAggregatorDestroy, + Steps: []resource.TestStep{ + { + Config: testAccFindingAggregatorAllRegionsConfig(), + Check: resource.ComposeTestCheckFunc( + testAccCheckFindingAggregatorExists(resourceName), + resource.TestCheckResourceAttr(resourceName, "linking_mode", "ALL_REGIONS"), + resource.TestCheckNoResourceAttr(resourceName, "specified_regions"), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + }, + { + Config: testAccFindingAggregatorSpecifiedRegionsConfig(), + Check: resource.ComposeTestCheckFunc( + testAccCheckFindingAggregatorExists(resourceName), + resource.TestCheckResourceAttr(resourceName, "linking_mode", "SPECIFIED_REGIONS"), + resource.TestCheckResourceAttr(resourceName, "specified_regions.#", "3"), + ), + }, + { + Config: testAccFindingAggregatorAllRegionsExceptSpecifiedConfig(), + Check: resource.ComposeTestCheckFunc( + testAccCheckFindingAggregatorExists(resourceName), + resource.TestCheckResourceAttr(resourceName, "linking_mode", "ALL_REGIONS_EXCEPT_SPECIFIED"), + resource.TestCheckResourceAttr(resourceName, "specified_regions.#", "2"), + ), + }, + }, + }) +} + +func TestAccFindingAggregator_disappears(t *testing.T) { + resourceName := "aws_securityhub_finding_aggregator.test_aggregator" + + resource.Test(t, resource.TestCase{ + PreCheck: func() { acctest.PreCheck(t) }, + ErrorCheck: acctest.ErrorCheck(t, securityhub.EndpointsID), + Providers: acctest.Providers, + CheckDestroy: testAccCheckFindingAggregatorDestroy, + Steps: []resource.TestStep{ + { + Config: testAccFindingAggregatorAllRegionsConfig(), + Check: resource.ComposeTestCheckFunc( + testAccCheckFindingAggregatorExists(resourceName), + acctest.CheckResourceDisappears(acctest.Provider, tfsecurityhub.ResourceFindingAggregator(), resourceName), + ), + ExpectNonEmptyPlan: true, + }, + }, + }) +} + +func testAccCheckFindingAggregatorExists(n string) resource.TestCheckFunc { + return func(s *terraform.State) error { + rs, ok := s.RootModule().Resources[n] + if !ok { + return fmt.Errorf("Not found: %s", n) + } + + if rs.Primary.ID == "" { + return fmt.Errorf("No Security Hub finding aggregator ID is set") + } + + conn := acctest.Provider.Meta().(*conns.AWSClient).SecurityHubConn + + _, err := conn.GetFindingAggregator(&securityhub.GetFindingAggregatorInput{ + FindingAggregatorArn: &rs.Primary.ID, + }) + + if err != nil { + return fmt.Errorf("Failed to get finding aggregator: %s", err) + } + + return nil + } +} + +func testAccCheckFindingAggregatorDestroy(s *terraform.State) error { + conn := acctest.Provider.Meta().(*conns.AWSClient).SecurityHubConn + + for _, rs := range s.RootModule().Resources { + if rs.Type != "aws_securityhub_finding_aggregator" { + continue + } + + _, err := conn.GetFindingAggregator(&securityhub.GetFindingAggregatorInput{ + FindingAggregatorArn: &rs.Primary.ID, + }) + + if tfawserr.ErrMessageContains(err, securityhub.ErrCodeInvalidAccessException, "not subscribed to AWS Security Hub") { + continue + } + + if err != nil { + return err + } + + return fmt.Errorf("Security Hub Finding Aggregator %s still exists", rs.Primary.ID) + } + + return nil +} + +func testAccFindingAggregatorAllRegionsConfig() string { + return ` +resource "aws_securityhub_account" "example" {} + +resource "aws_securityhub_finding_aggregator" "test_aggregator" { + linking_mode = "ALL_REGIONS" + + depends_on = [aws_securityhub_account.example] +} +` +} + +func testAccFindingAggregatorSpecifiedRegionsConfig() string { + return ` +resource "aws_securityhub_account" "example" {} + +resource "aws_securityhub_finding_aggregator" "test_aggregator" { + linking_mode = "SPECIFIED_REGIONS" + specified_regions = ["eu-west-2", "eu-west-1", "us-east-1"] + + depends_on = [aws_securityhub_account.example] +} +` +} + +func testAccFindingAggregatorAllRegionsExceptSpecifiedConfig() string { + return ` +resource "aws_securityhub_account" "example" {} + +resource "aws_securityhub_finding_aggregator" "test_aggregator" { + linking_mode = "ALL_REGIONS_EXCEPT_SPECIFIED" + specified_regions = ["eu-west-2", "eu-west-1"] + + depends_on = [aws_securityhub_account.example] +} +` +} diff --git a/website/docs/r/securityhub_finding_aggregator.markdown b/website/docs/r/securityhub_finding_aggregator.markdown new file mode 100644 index 00000000000..c415d8f77ad --- /dev/null +++ b/website/docs/r/securityhub_finding_aggregator.markdown @@ -0,0 +1,76 @@ +--- +subcategory: "Security Hub" +layout: "aws" +page_title: "AWS: aws_securityhub_finding_aggregator" +description: |- + Manages a Security Hub finding aggregator +--- + +# Resource: aws_securityhub_finding_aggregator + +Manages a Security Hub finding aggregator. Security Hub needs to be enabled in a region in order for the aggregator to pull through findings. + +## All Regions Usage + +The following example will enable the aggregator for every region. + +```terraform +resource "aws_securityhub_account" "example" {} + +resource "aws_securityhub_finding_aggregator" "example" { + linking_mode = "ALL_REGIONS" + + depends_on = [aws_securityhub_account.example] +} +``` + +## All Regions Except Specified Regions Usage + +The following example will enable the aggregator for every region except those specified in `specified_regions`. + +```terraform +resource "aws_securityhub_account" "example" {} + +resource "aws_securityhub_finding_aggregator" "example" { + linking_mode = "ALL_REGIONS_EXCEPT_SPECIFIED" + specified_regions = ["eu-west-1", "eu-west-2] + + depends_on = [aws_securityhub_account.example] +} +``` + +## Specified Regions Usage + +The following example will enable the aggregator for every region specified in `specified_regions`. + +```terraform +resource "aws_securityhub_account" "example" {} + +resource "aws_securityhub_finding_aggregator" "example" { + linking_mode = "SPECIFIED_REGIONS" + specified_regions = ["eu-west-1", "eu-west-2] + + depends_on = [aws_securityhub_account.example] +} +``` + +## Argument Reference + +The following arguments are supported: + +- `linking_mode` - (Required) Indicates whether to aggregate findings from all of the available Regions or from a specified list. The options are `ALL_REGIONS`, `ALL_REGIONS_EXCEPT_SPECIFIED` or `SPECIFIED_REGIONS`. When `ALL_REGIONS` or `ALL_REGIONS_EXCEPT_SPECIFIED` are used, Security Hub will automatically aggregate findings from new Regions as Security Hub supports them and you opt into them. +- `specified_regions` - (Optional) List of regions to include or exclude (required if `linking_mode` is set to `ALL_REGIONS_EXCEPT_SPECIFIED` or `SPECIFIED_REGIONS`) + +## Attributes Reference + +In addition to all arguments above, the following attributes are exported: + +- `arn` - Amazon Resource Name (ARN) of the Security Hub finding aggregator. + +## Import + +An existing Security Hub finding aggregator can be imported using the `arn`, e.g., + +``` +$ terraform import aws_securityhub_finding_aggregator.example arn:aws:securityhub:eu-west-1:123456789098:finding-aggregator/abcd1234-abcd-1234-1234-abcdef123456 +``` From 152d710ec9d3f1edac4541bce396fab46f897eb1 Mon Sep 17 00:00:00 2001 From: Laurence Jones Date: Sun, 31 Oct 2021 22:20:20 +0000 Subject: [PATCH 2/6] updated tests --- internal/service/securityhub/finding_aggregator_test.go | 4 ++-- internal/service/securityhub/securityhub_test.go | 4 ++++ 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/internal/service/securityhub/finding_aggregator_test.go b/internal/service/securityhub/finding_aggregator_test.go index 07d3accbf22..c3cf0af840a 100644 --- a/internal/service/securityhub/finding_aggregator_test.go +++ b/internal/service/securityhub/finding_aggregator_test.go @@ -13,7 +13,7 @@ import ( tfsecurityhub "github.com/hashicorp/terraform-provider-aws/internal/service/securityhub" ) -func TestAccFindingAggregator_basic(t *testing.T) { +func testAccFindingAggregator_basic(t *testing.T) { resourceName := "aws_securityhub_finding_aggregator.test_aggregator" resource.Test(t, resource.TestCase{ @@ -55,7 +55,7 @@ func TestAccFindingAggregator_basic(t *testing.T) { }) } -func TestAccFindingAggregator_disappears(t *testing.T) { +func testAccFindingAggregator_disappears(t *testing.T) { resourceName := "aws_securityhub_finding_aggregator.test_aggregator" resource.Test(t, resource.TestCase{ diff --git a/internal/service/securityhub/securityhub_test.go b/internal/service/securityhub/securityhub_test.go index 969997b56e9..b6b7aacaeb0 100644 --- a/internal/service/securityhub/securityhub_test.go +++ b/internal/service/securityhub/securityhub_test.go @@ -55,6 +55,10 @@ func TestAccSecurityHub_serial(t *testing.T) { "basic": testAccStandardsSubscription_basic, "disappears": testAccStandardsSubscription_disappears, }, + "FindingAggregator": { + "basic": testAccFindingAggregator_basic, + "disappears": testAccFindingAggregator_disappears, + }, } for group, m := range testCases { From 5757dfd7eb1f6f7bc8beac7cb07c4a6fb429a636 Mon Sep 17 00:00:00 2001 From: Laurence Jones Date: Sun, 31 Oct 2021 22:35:34 +0000 Subject: [PATCH 3/6] added changelog --- .changelog/21560.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 .changelog/21560.txt diff --git a/.changelog/21560.txt b/.changelog/21560.txt new file mode 100644 index 00000000000..d4d4d07906d --- /dev/null +++ b/.changelog/21560.txt @@ -0,0 +1,3 @@ +```release-note:new-resource +aws_securityhub_finding_aggregator +``` \ No newline at end of file From 22d4a796f58721ad1203cda2e077b84c9b72635b Mon Sep 17 00:00:00 2001 From: Laurence Jones Date: Mon, 1 Nov 2021 14:41:16 +0000 Subject: [PATCH 4/6] linting fixes --- .../securityhub/finding_aggregator_test.go | 13 +++++++------ .../r/securityhub_finding_aggregator.markdown | 16 ++++++++-------- 2 files changed, 15 insertions(+), 14 deletions(-) diff --git a/internal/service/securityhub/finding_aggregator_test.go b/internal/service/securityhub/finding_aggregator_test.go index c3cf0af840a..a06ef5cec56 100644 --- a/internal/service/securityhub/finding_aggregator_test.go +++ b/internal/service/securityhub/finding_aggregator_test.go @@ -4,6 +4,7 @@ import ( "fmt" "testing" + "github.com/aws/aws-sdk-go/aws/endpoints" "github.com/aws/aws-sdk-go/service/securityhub" "github.com/hashicorp/aws-sdk-go-base/tfawserr" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" @@ -140,27 +141,27 @@ resource "aws_securityhub_finding_aggregator" "test_aggregator" { } func testAccFindingAggregatorSpecifiedRegionsConfig() string { - return ` + return fmt.Sprintf(` resource "aws_securityhub_account" "example" {} resource "aws_securityhub_finding_aggregator" "test_aggregator" { linking_mode = "SPECIFIED_REGIONS" - specified_regions = ["eu-west-2", "eu-west-1", "us-east-1"] + specified_regions = ["%s", "%s", "%s"] depends_on = [aws_securityhub_account.example] } -` +`, endpoints.EuWest1RegionID, endpoints.EuWest2RegionID, endpoints.UsEast1RegionID) } func testAccFindingAggregatorAllRegionsExceptSpecifiedConfig() string { - return ` + return fmt.Sprintf(` resource "aws_securityhub_account" "example" {} resource "aws_securityhub_finding_aggregator" "test_aggregator" { linking_mode = "ALL_REGIONS_EXCEPT_SPECIFIED" - specified_regions = ["eu-west-2", "eu-west-1"] + specified_regions = ["%s", "%s"] depends_on = [aws_securityhub_account.example] } -` +`, endpoints.EuWest1RegionID, endpoints.EuWest2RegionID) } diff --git a/website/docs/r/securityhub_finding_aggregator.markdown b/website/docs/r/securityhub_finding_aggregator.markdown index c415d8f77ad..503797664bb 100644 --- a/website/docs/r/securityhub_finding_aggregator.markdown +++ b/website/docs/r/securityhub_finding_aggregator.markdown @@ -18,9 +18,9 @@ The following example will enable the aggregator for every region. resource "aws_securityhub_account" "example" {} resource "aws_securityhub_finding_aggregator" "example" { - linking_mode = "ALL_REGIONS" + linking_mode = "ALL_REGIONS" - depends_on = [aws_securityhub_account.example] + depends_on = [aws_securityhub_account.example] } ``` @@ -32,10 +32,10 @@ The following example will enable the aggregator for every region except those s resource "aws_securityhub_account" "example" {} resource "aws_securityhub_finding_aggregator" "example" { - linking_mode = "ALL_REGIONS_EXCEPT_SPECIFIED" - specified_regions = ["eu-west-1", "eu-west-2] + linking_mode = "ALL_REGIONS_EXCEPT_SPECIFIED" + specified_regions = ["eu-west-1", "eu-west-2"] - depends_on = [aws_securityhub_account.example] + depends_on = [aws_securityhub_account.example] } ``` @@ -47,10 +47,10 @@ The following example will enable the aggregator for every region specified in ` resource "aws_securityhub_account" "example" {} resource "aws_securityhub_finding_aggregator" "example" { - linking_mode = "SPECIFIED_REGIONS" - specified_regions = ["eu-west-1", "eu-west-2] + linking_mode = "SPECIFIED_REGIONS" + specified_regions = ["eu-west-1", "eu-west-2"] - depends_on = [aws_securityhub_account.example] + depends_on = [aws_securityhub_account.example] } ``` From c292618734a9585ba64798e596bd68104c025566 Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Mon, 15 Nov 2021 13:40:17 -0500 Subject: [PATCH 5/6] Fix terrafmt errors. --- .../securityhub/finding_aggregator_test.go | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/internal/service/securityhub/finding_aggregator_test.go b/internal/service/securityhub/finding_aggregator_test.go index a06ef5cec56..15eefa62d34 100644 --- a/internal/service/securityhub/finding_aggregator_test.go +++ b/internal/service/securityhub/finding_aggregator_test.go @@ -133,9 +133,9 @@ func testAccFindingAggregatorAllRegionsConfig() string { resource "aws_securityhub_account" "example" {} resource "aws_securityhub_finding_aggregator" "test_aggregator" { - linking_mode = "ALL_REGIONS" + linking_mode = "ALL_REGIONS" - depends_on = [aws_securityhub_account.example] + depends_on = [aws_securityhub_account.example] } ` } @@ -145,10 +145,10 @@ func testAccFindingAggregatorSpecifiedRegionsConfig() string { resource "aws_securityhub_account" "example" {} resource "aws_securityhub_finding_aggregator" "test_aggregator" { - linking_mode = "SPECIFIED_REGIONS" - specified_regions = ["%s", "%s", "%s"] + linking_mode = "SPECIFIED_REGIONS" + specified_regions = ["%s", "%s", "%s"] - depends_on = [aws_securityhub_account.example] + depends_on = [aws_securityhub_account.example] } `, endpoints.EuWest1RegionID, endpoints.EuWest2RegionID, endpoints.UsEast1RegionID) } @@ -158,10 +158,10 @@ func testAccFindingAggregatorAllRegionsExceptSpecifiedConfig() string { resource "aws_securityhub_account" "example" {} resource "aws_securityhub_finding_aggregator" "test_aggregator" { - linking_mode = "ALL_REGIONS_EXCEPT_SPECIFIED" - specified_regions = ["%s", "%s"] + linking_mode = "ALL_REGIONS_EXCEPT_SPECIFIED" + specified_regions = ["%s", "%s"] - depends_on = [aws_securityhub_account.example] + depends_on = [aws_securityhub_account.example] } `, endpoints.EuWest1RegionID, endpoints.EuWest2RegionID) } From 58a1e4f706a8f0a7df3b0d91de00d8de12d5ae03 Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Mon, 15 Nov 2021 13:42:56 -0500 Subject: [PATCH 6/6] Fix tfproviderdocs errors. --- website/docs/r/securityhub_finding_aggregator.markdown | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/website/docs/r/securityhub_finding_aggregator.markdown b/website/docs/r/securityhub_finding_aggregator.markdown index 503797664bb..51c53ded0af 100644 --- a/website/docs/r/securityhub_finding_aggregator.markdown +++ b/website/docs/r/securityhub_finding_aggregator.markdown @@ -10,7 +10,9 @@ description: |- Manages a Security Hub finding aggregator. Security Hub needs to be enabled in a region in order for the aggregator to pull through findings. -## All Regions Usage +## Example Usage + +### All Regions Usage The following example will enable the aggregator for every region. @@ -24,7 +26,7 @@ resource "aws_securityhub_finding_aggregator" "example" { } ``` -## All Regions Except Specified Regions Usage +### All Regions Except Specified Regions Usage The following example will enable the aggregator for every region except those specified in `specified_regions`. @@ -39,7 +41,7 @@ resource "aws_securityhub_finding_aggregator" "example" { } ``` -## Specified Regions Usage +### Specified Regions Usage The following example will enable the aggregator for every region specified in `specified_regions`.