Skip to content

Policy: AWSSecurityHubServiceRolePolicy

ARN: arn:aws:iam::aws:policy/aws-service-role/AWSSecurityHubServiceRolePolicy

Allowed Actions

Actions Services
cloudtrail:DescribeTrails cloudtrail
cloudtrail:GetEventSelectors cloudtrail
cloudtrail:GetTrailStatus cloudtrail
cloudwatch:DescribeAlarms cloudwatch
cloudwatch:DescribeAlarmsForMetric cloudwatch
config:BatchGetResourceConfig config
config:DeleteConfigRule config
config:DescribeConfigRuleEvaluationStatus config
config:DescribeConfigRules config
config:DescribeConfigurationRecorderStatus config
config:DescribeConfigurationRecorders config
config:GetComplianceDetailsByConfigRule config
config:PutConfigRule config
config:PutEvaluations config
config:SelectResourceConfig config
iam:GenerateCredentialReport iam
iam:GetCredentialReport iam
logs:DescribeMetricFilters logs
organizations:DescribeAccount organizations
organizations:DescribeOrganization organizations
organizations:DescribeOrganizationalUnit organizations
organizations:ListAWSServiceAccessForOrganization organizations
organizations:ListAccounts organizations
organizations:ListChildren organizations
organizations:ListDelegatedAdministrators organizations
securityhub:BatchDisableStandards securityhub
securityhub:BatchEnableStandards securityhub
securityhub:BatchGetSecurityControls securityhub
securityhub:BatchGetStandardsControlAssociations securityhub
securityhub:BatchUpdateStandardsControlAssociations securityhub
securityhub:CreateMembers securityhub
securityhub:DeleteMembers securityhub
securityhub:DescribeHub securityhub
securityhub:DescribeOrganizationConfiguration securityhub
securityhub:DescribeStandards securityhub
securityhub:DescribeStandardsControls securityhub
securityhub:DisableSecurityHub securityhub
securityhub:DisassociateFromAdministratorAccount securityhub
securityhub:DisassociateMembers securityhub
securityhub:EnableSecurityHub securityhub
securityhub:GetEnabledStandards securityhub
securityhub:ListSecurityControlDefinitions securityhub
securityhub:ListStandardsControlAssociations securityhub
securityhub:UpdateOrganizationConfiguration securityhub
securityhub:UpdateSecurityControl securityhub
securityhub:UpdateSecurityHubConfiguration securityhub
securityhub:UpdateStandardsControl securityhub
sns:ListSubscriptionsByTopic sns
tag:GetResources tag