From 5afe35788cebd427505535f8d61ef0c7faece673 Mon Sep 17 00:00:00 2001
From: Johan Steenhoven
Date: Tue, 17 Dec 2024 13:21:25 +0100
Subject: [PATCH] Use correct org root id
---
 UPGRADING.md | 3 ++-
 security_hub.tf | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/UPGRADING.md b/UPGRADING.md
index 74325bd..c762184 100644
--- a/UPGRADING.md
+++ b/UPGRADING.md
@@ -6,7 +6,8 @@ This document captures required refactoring on your part when upgrading to a mod
 ### Behaviour
-This version changes the detault [Security Hub configuration to Central](https://docs.aws.amazon.com/securityhub/latest/userguide/central-configuration-intro.html). You can change this behaviour by setting `var.aws_security_hub.organization_configuration_type` to `LOCAL`.
+> [!IMPORTANT]
+> **This version changes the [Security Hub configuration to Central](https://docs.aws.amazon.com/securityhub/latest/userguide/central-configuration-intro.html).**
 This version enables Security Hub Findings Aggregation for all regions. You can change this behauviour by setting `var.aws_security_hub.aggregator_linking_mode` to `ALL_REGIONS_EXCEPT_SPECIFIED` or `SPECIFIED_REGIONS` and providing the list of regions via `var.aws_security_hub.aggregator_specified_regions`
diff --git a/security_hub.tf b/security_hub.tf
index 5b92370..8e88190 100644
--- a/security_hub.tf
+++ b/security_hub.tf
@@ -132,6 +132,6 @@ resource "aws_securityhub_configuration_policy" "default" {
 }
 resource "aws_securityhub_configuration_policy_association" "root" {
- target_id = data.aws_organizations_organization.default.id
+ target_id = data.aws_organizations_organization.default.roots[0].id
 policy_id = aws_securityhub_configuration_policy.default.id
 }
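Review bot: In security_hub.tf the new `target_id = data.aws_organizations_organization.default.roots[0].id` line indexes `roots` unconditionally, and the AWS provider only populates that attribute when the data source is read with management-account or delegated-administrator credentials; read from any other account the list is empty and the index fails at plan time. Which provider configuration the data source uses is declared outside this hunk, so that is worth confirming. Because associating the policy with the organization root makes every OU and account inherit it, I would record both facts above the resource, e.g. `# Root association: policy is inherited org-wide; roots is only populated for the management account or a delegated administrator.`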