#!/bin/bash

# A script to enable AWS Security Hub and then clean up using AWS CLI.

# --- Configuration ---
REGION="us-east-1"

# --- 1. Enable Security Hub ---
echo "--- Enabling AWS Security Hub ---"
HUB_ARN=$(aws securityhub enable-security-hub \
  --region $REGION \
  --query 'HubArn' --output text)

echo "AWS Security Hub enabled. Hub ARN: $HUB_ARN"

# --- 2. Output Hub ARN ---
echo -e "\n--- AWS Security Hub Enabled Successfully! ---"
echo "Hub ARN: $HUB_ARN"
echo "Security Hub is now collecting security findings for your account."

read -p "Press Enter to disable AWS Security Hub..."

# --- Clean Up ---
echo -e "\n--- Cleaning up resources ---"

# Disable Security Hub
echo "Disabling AWS Security Hub..."
aws securityhub disable-security-hub \
  --region $REGION

echo "AWS Security Hub disabled."

echo -e "\n--- AWS Security Hub demonstration and cleanup complete ---"