Usando AWS re:Post, accetti AWS re:Post Termini di utilizzo
AWS re:Postre:Post

AWS Config: securityhub-cloudformation-stack-notification-check

0

Hi all,

I have a conformance pack deployed in AWS Config.

When turnning SecurityHub with default standards, it created Config rules and one of the rule is securityhub-cloudformation-stack-notification-check which checks for CloudFormation stacks without notification configured.

As AWS Config deployed the conformance pack, it actually created a CloudFormation stack which is noncompliant with securityhub-cloudformation-stack-notification-check rule. I can't change this stack via Console nor CLI due to permission issue.

Is there a workaround?

Regards,

Trung

Argomenti
Sicurezza, identità e conformitàGestione e amministrazione
Tag
Hub di sicurezza AWSAWS Config
Lingua
English
Trung
posta 3 mesi fa194 visualizzazioni
1 Risposta
1

you can attempt to modify the CloudFormation stack to add notification configurations using the AWS CLI or SDK. However, this might not be possible if the stack is managed by AWS and has restricted permissions.You can create an exclusion for the securityhub-cloudformation-stack-notification-check rule for the specific CloudFormation stack created by AWS Config

profile picture
Jagan
con risposta 3 mesi fa
  • Trung
    3 mesi fa

    Yeah, can't change the Stack as it's managed by AWS as mentioned in my question.

    How can I create an exclusion? Rule doesn't have any input parameter for stack exclusion, i can't find a way in SecurityHub either.

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande

Contenuto pertinente