A collection of AWS Security controls for AWS Security Hub. Configuration items include templates to set up AWS Security Hub in an account as well as templates to enable compliance standards checking such as CIS Foundation benchmarks for AWS.
A configuration package to enable AWS Security Hub in an AWS account including service prerequisites and notification. AWS Security Hub turns on CIS AWS Foundations Compliance Standards by default.
A CloudWatch Event Rule that triggers on AWS Security Hub findings. The Event Rule can be used to trigger notifications or remediative actions using AWS Lambda.
This SCP prevents users or roles in any affected account from disabling AWS Security Hub, deleting member accounts or disassociating an account from a master Security Hub account.