AWS Config: securityhub-cloudformation-stack-notification-check


Hi all,

I have a conformance pack deployed in AWS Config.

When turning on SecurityHub with default standards, it created Config rules, and one of the rules is securityhub-cloudformation-stack-notification-check, which checks for CloudFormation stacks without notification configured.

As AWS Config deployed the conformance pack, it actually created a CloudFormation stack which is noncompliant with the securityhub-cloudformation-stack-notification-check rule. I can't change this stack via the Console or the CLI due to a permission issue.

Is there a workaround?

Regards,

Trung

asked 3 months ago, 193 views

1 answer

You can attempt to modify the CloudFormation stack to add notification configurations using the AWS CLI or SDK. However, this might not be possible if the stack is managed by AWS and has restricted permissions. You can create an exclusion for the securityhub-cloudformation-stack-notification-check rule for the specific CloudFormation stack created by AWS Config.

Jagan
answered 3 months ago
  • Yeah, I can't change the stack, as it's managed by AWS, as mentioned in my question.

    How can I create an exclusion? The rule doesn't have any input parameter for stack exclusion, and I can't find a way in SecurityHub either.
