- Le plus récent
- Le plus de votes
- La plupart des commentaires
Here is a blog showing you how to automate enabling a Security Hub standard across your org using CloudFormation StackSets. https://aws.amazon.com/blogs/security/enable-security-hub-pci-dss-standard-across-your-organization-and-disable-specific-controls/
You can create the StackSet with Terraform. https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack_set
This blog will show you how to use CloudFormation StackSets to automate the deployment of a Security Hub standard across your organization. https://aws.amazon.com/blogs/security/enable-security-hub-pci-dss-standard-across-your-organization-and-disable-specific-controls/
I don't know about Terraform but you can use CloudFormation StackSets applied to the Organization so stacks are created automatically as accounts are added. You'd still need to take action to add new Regions though.
We are using this solution https://github.com/aws-samples/aws-security-hub-cross-account-controls-disabler for disabling and enabling the controls for members' accounts. It is working really well
Contenus pertinents
- demandé il y a un an
- demandé il y a 2 mois
- demandé il y a 8 mois
- AWS OFFICIELA mis à jour il y a un an
- AWS OFFICIELA mis à jour il y a 2 ans
- AWS OFFICIELA mis à jour il y a 3 ans
Thanks this is very useful.