cis_scan_configurations
Creates, updates, deletes or gets a cis_scan_configuration resource or lists cis_scan_configurations in a region
Overview
| Name | cis_scan_configurations |
| Type | Resource |
| Description | CIS Scan Configuration resource schema |
| Id | awscc.inspectorv2.cis_scan_configurations |
Fields
- get (all properties)
- list (identifiers only)
| Name | Datatype | Description |
|---|---|---|
scan_name | string | Name of the scan |
security_level | string | |
schedule | object | Choose a Schedule cadence |
targets | object | |
arn | string | CIS Scan configuration unique identifier |
tags | object | |
region | string | AWS region. |
| Name | Datatype | Description |
|---|---|---|
arn | string | CIS Scan configuration unique identifier |
region | string | AWS region. |
For more information, see AWS::InspectorV2::CisScanConfiguration.
Methods
| Name | Resource | Accessible by | Required Params |
|---|---|---|---|
create_resource | cis_scan_configurations | INSERT | ScanName, SecurityLevel, Schedule, Targets, region |
delete_resource | cis_scan_configurations | DELETE | Identifier, region |
update_resource | cis_scan_configurations | UPDATE | Identifier, PatchDocument, region |
list_resources | cis_scan_configurations_list_only | SELECT | region |
get_resource | cis_scan_configurations | SELECT | Identifier, region |
SELECT examples
- get (all properties)
- list (identifiers only)
Gets all properties from an individual cis_scan_configuration.
SELECT
region,
scan_name,
security_level,
schedule,
targets,
arn,
tags
FROM awscc.inspectorv2.cis_scan_configurations
WHERE
region = 'us-east-1' AND
Identifier = '{{ arn }}';
Lists all cis_scan_configurations in a region.
SELECT
region,
arn
FROM awscc.inspectorv2.cis_scan_configurations_list_only
WHERE
region = 'us-east-1';
INSERT example
Use the following StackQL query and manifest file to create a new cis_scan_configuration resource, using stack-deploy.
- Required Properties
- All Properties
- Manifest
/*+ create */
INSERT INTO awscc.inspectorv2.cis_scan_configurations (
ScanName,
SecurityLevel,
Schedule,
Targets,
region
)
SELECT
'{{ scan_name }}',
'{{ security_level }}',
'{{ schedule }}',
'{{ targets }}',
'{{ region }}';
/*+ create */
INSERT INTO awscc.inspectorv2.cis_scan_configurations (
ScanName,
SecurityLevel,
Schedule,
Targets,
Tags,
region
)
SELECT
'{{ scan_name }}',
'{{ security_level }}',
'{{ schedule }}',
'{{ targets }}',
'{{ tags }}',
'{{ region }}';
version: 1
name: stack name
description: stack description
providers:
- aws
globals:
- name: region
value: '{{ vars.AWS_REGION }}'
resources:
- name: cis_scan_configuration
props:
- name: scan_name
value: '{{ scan_name }}'
- name: security_level
value: '{{ security_level }}'
- name: schedule
value: null
- name: targets
value: null
- name: tags
value: {}
UPDATE example
Use the following StackQL query and manifest file to update a cis_scan_configuration resource, using stack-deploy.
/*+ update */
UPDATE awscc.inspectorv2.cis_scan_configurations
SET PatchDocument = string('{{ {
"ScanName": scan_name,
"SecurityLevel": security_level,
"Schedule": schedule,
"Targets": targets,
"Tags": tags
} | generate_patch_document }}')
WHERE
region = '{{ region }}' AND
Identifier = '{{ arn }}';
DELETE example
/*+ delete */
DELETE FROM awscc.inspectorv2.cis_scan_configurations
WHERE
Identifier = '{{ arn }}' AND
region = 'us-east-1';
Permissions
To operate on the cis_scan_configurations resource, the following permissions are required:
- Create
- Read
- Update
- Delete
- List
inspector2:CreateCisScanConfiguration,
inspector2:ListCisScanConfigurations,
inspector2:TagResource
inspector2:ListCisScanConfigurations,
inspector2:ListTagsForResource
inspector2:ListCisScanConfigurations,
inspector2:UpdateCisScanConfiguration,
inspector2:TagResource,
inspector2:UntagResource,
inspector2:ListTagsForResource
inspector2:ListCisScanConfigurations,
inspector2:DeleteCisScanConfiguration,
inspector2:UntagResource
inspector2:ListCisScanConfigurations,
inspector2:ListTagsForResource