amazon-web-servicestaggingaws-security-hub

Is it possible to tag a Security hub resource?


As part of tagging all the AWS resources we use, I am trying to tag Security Hub with below arn. However, I don't see any option in the AWS console.

arn:aws:securityhub:eu-west-2:XXXXXXXX:hub/default

Also, the resource list in the below link does not show the security hub resource. Please advise.

Resource types you can use with AWS Resource Groups and Tag Editor https://docs.aws.amazon.com/ARG/latest/userguide/supported-resources.html#supported-resources-tagging-console


Solution

  • I would look at using the SecurityHubClient, which is the Security Hub service client to perform this task. This API exposes a method to tag resources as shown here:

    https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/securityhub/SecurityHubClient.html#tagResource(software.amazon.awssdk.services.securityhub.model.TagResourceRequest)

    You can also use CLI. To tag a Security Hub resource using the AWS CLI, you can use the aws securityhub tag-resource command.

    The basic syntax for the command is:

    aws securityhub tag-resource --resource-arn <resource-arn> --tags <tags>