A configuration package to enable AWS Security Hub in an AWS account including service prerequisites and notification. AWS Security Hub turns on CIS AWS Foundations Compliance Standards by default.
CloudFormation
By Implementation
Service Control PoliciesConfig RulesAuto Remediation RulesConformance PacksAmazon GuardDutyAmazon InspectorAWS Security HubNetwork FirewallAmazon MacieBilling and Cost ManagementS3 Bucket PoliciesCloudWatch Alarms and Event RulesLogging & Monitoring ConfigurationsAWS WAFBackups & DRAWS Systems ManagerSecurity Groups & NACLsAWS KMSIAM Policies
By Service Protected
Configuration Packages
Strategy Guides
By Service Protected
By Implementation
Service Control Policies
Config Rules
Auto Remediation Rules
Conformance Packs
Amazon GuardDuty
Amazon Inspector
AWS Security Hub
Network Firewall
Amazon Macie
Billing and Cost Management
S3 Bucket Policies
CloudWatch Alarms and Event Rules
Logging & Monitoring Configurations
AWS WAF
Backups & DR
AWS Systems ManagerSecurity Groups & NACLs
AWS KMS
IAM PoliciesConfiguration Packages
Strategy Guides
AWS Security Hub
A collection of AWS Security controls for AWS Security Hub. Configuration items include templates to set up AWS Security Hub in an account as well as templates to enable compliance standards checking such as CIS AWS Foundations
Security Hub
Configuration to enable AWS Security Hub in an AWS Account, with option to configure security standards such as CIS Foundation Benchmarks.
CloudFormationTerraformAWS CLI
CloudWatch Events
A CloudWatch Event Rule that triggers on AWS Security Hub findings. The Event Rule can be used to trigger notifications or remediative actions using AWS Lambda.
CloudFormationTerraformAWS CLI
Config Rule
A config rule that checks that AWS Security Hub is enabled for an AWS account. The rule is NON_COMPLIANT if Security Hub is not enabled.
CloudFormationTerraformAWS CLI
Service Control Policy
This SCP prevents users or roles in any affected account from disabling AWS Security Hub, deleting member accounts or disassociating an account from a master Security Hub account.
CloudFormationTerraformAWS CLI