You must be logged in to view saved presets
AWS Security Hub
AWS Security Hub Configuration Package
A configuration package to enable AWS Security Hub in an AWS account including service prerequisites and notification. AWS Security Hub turns on CIS AWS Foundations Compliance Standards by default. In addition to setting up AWS Security Hub, this package includes:
A premium subscription is required for this contentYou can access configuration templates for all includes services in our repository for free! Go to Library
Items
4
Size
1.8 KB
AWSTemplateFormatVersion: '2010-09-09'
Description: ''
Resources:
SecurityHub:
Type: 'AWS::SecurityHub::Hub'
Properties: {}
SnsTopic1:
Type: 'AWS::SNS::Topic'
Properties:
Subscription:
- Endpoint: email@example.com
Protocol: email
TopicName: sns-topic
CwEvent1:
Type: 'AWS::Events::Rule'
Properties:
Name: detect-securityhub-finding
Description: A CloudWatch Event Rule that triggers on AWS Security Hub findings. The Event Rule can be used to trigger notifications or remediative actions using AWS Lambda.
State: ENABLED
Targets:
- Arn:
Ref: SnsTopic1
Id: target-id1
EventPattern:
detail-type:
- Security Hub Findings - Imported
source:
- aws.securityhub
SnsTopicPolicyCwEvent1:
Type: 'AWS::SNS::TopicPolicy'
Properties:
PolicyDocument:
Statement:
- Sid: __default_statement_ID
Effect: Allow
Principal:
AWS: '*'
Action:
- 'SNS:GetTopicAttributes'
- 'SNS:SetTopicAttributes'
- 'SNS:AddPermission'
- 'SNS:RemovePermission'
- 'SNS:DeleteTopic'
- 'SNS:Subscribe'
- 'SNS:ListSubscriptionsByTopic'
- 'SNS:Publish'
- 'SNS:Receive'
Resource:
Ref: SnsTopic1
Condition:
StringEquals:
'AWS:SourceOwner':
Ref: 'AWS::AccountId'
- Sid: TrustCWEToPublishEventsToMyTopic
Effect: Allow
Principal:
Service: events.amazonaws.com
Action: 'sns:Publish'
Resource:
Ref: SnsTopic1
Topics:
- Ref: SnsTopic1
Parameters: {}
Metadata: {}
Conditions: {}
© 2024 asecurecloud. All rights reserved.