AI CloudAdvisor (Beta)

My Presets

You must be logged in to save or view your saved configuration templates

Security Controls

Service Control PoliciesConfig RulesCloudWatch Alarms and Event RulesCloudFormation Guard RulesLogging & Monitoring ConfigurationsBackups & DRAuto Remediation RulesConformance PacksBilling and Cost ManagementS3 Bucket PoliciesSecurity Groups & NACLsIAM PoliciesVPC Endpoint Policies

AWS Services

Guided Walkthroughs

Configuration Packages

Reference Guides

Other

AI CloudAdvisor (Beta)

Configuration Stack
0

My Presets

Security Controls

AWS Services

VPC Security ControlsEC2 Security ControlsIAM Security ControlsS3 Security ControlsRDS Security ControlsOpenSearch/Elasticsearch Security ControlsEFS Security ControlsRoute53 Security ControlsDynamoDB Security ControlsECR Security ControlsEMR SecurityLambda SecurityCloudFormation SecurityCodeX Security ControlsCloudFront SecurityAWS Certificate Manager (ACM) SecurityAmazon GuardDutyAmazon InspectorAWS Security HubAWS Network FirewallRoute53 Resolver SecurityAmazon MacieAWS WAFAWS Secrets ManagerAWS Systems ManagerAWS KMSAWS SSOLoad BalancersRDS Event SubscriptionsAWS Resource Access Manager (RAM)Alexa SkillAmazon API GatewayAWS AppConfigAmazon AppFlowAWS App MeshAWS App RunnerAWS AppSyncApplication Auto ScalingAmazon AthenaAWS BatchAWS Billing ConductorAWS Clean RoomsAWS SNSAWS SQSAWS Service DiscoveryAWS Step FunctionsAWS CloudTrailAWS ConfigAWS CloudWatchAWS CognitoAmazon Connect

Guided Walkthroughs

Configuration Packages

Reference Guides

Other

AWS Security Hub

A collection of AWS Security controls for AWS Security Hub. Configuration items include templates to set up AWS Security Hub in an account as well as templates to enable compliance standards checking such as CIS AWS Foundations

Security Hub
Enable AWS Security Hub with Notifications and Prerequisites
Premium

A configuration package to enable AWS Security Hub in an AWS account including service prerequisites and notification. AWS Security Hub turns on CIS AWS Foundations Compliance Standards by default.

CloudFormation
Enable AWS Security Hub
Add to Stack

Configuration to enable AWS Security Hub in an AWS Account, with option to configure security standards such as CIS Foundation Benchmarks.

CloudFormationTerraformAWS CLI
CloudWatch Events
Detect Security Hub Findings
Add to Stack

A CloudWatch Event Rule that triggers on AWS Security Hub findings. The Event Rule can be used to trigger notifications or remediative actions using AWS Lambda.

CloudFormationTerraformAWS CLI
Config Rule
Security Hub Enabled
Add to Stack

A config rule that checks that AWS Security Hub is enabled for an AWS account. The rule is NON_COMPLIANT if Security Hub is not enabled.

CloudFormationTerraformAWS CLI
Service Control Policy
Prevent Users from Disabling AWS Security Hub in an account
Add to Stack

This SCP prevents users or roles in any affected account from disabling AWS Security Hub, deleting member accounts or disassociating an account from a master Security Hub account.

CloudFormationTerraformAWS CLI
Filter by source
 
Security Hub
CloudWatch Events
Config Rule
Service Control Policy