AWS re:Postを使用することにより、以下に同意したことになります AWS re:Post 利用規約
AWS re:Postre:Post

AWS Config: securityhub-cloudformation-stack-notification-check

0

Hi all,

I have a conformance pack deployed in AWS Config.

When turnning SecurityHub with default standards, it created Config rules and one of the rule is securityhub-cloudformation-stack-notification-check which checks for CloudFormation stacks without notification configured.

As AWS Config deployed the conformance pack, it actually created a CloudFormation stack which is noncompliant with securityhub-cloudformation-stack-notification-check rule. I can't change this stack via Console nor CLI due to permission issue.

Is there a workaround?

Regards,

Trung

トピック
セキュリティ、アイデンティティ、コンプライアンス管理とガバナンス
タグ
AWS Security HubAWS Config
言語
English
Trung
質問済み 3ヶ月前195ビュー
1回答
1

you can attempt to modify the CloudFormation stack to add notification configurations using the AWS CLI or SDK. However, this might not be possible if the stack is managed by AWS and has restricted permissions.You can create an exclusion for the securityhub-cloudformation-stack-notification-check rule for the specific CloudFormation stack created by AWS Config

profile picture
Jagan
回答済み 3ヶ月前
  • Trung
    3ヶ月前

    Yeah, can't change the Stack as it's managed by AWS as mentioned in my question.

    How can I create an exclusion? Rule doesn't have any input parameter for stack exclusion, i can't find a way in SecurityHub either.

ログインしていません。 ログイン 回答を投稿する。

優れた回答とは、質問に明確に答え、建設的なフィードバックを提供し、質問者の専門分野におけるスキルの向上を促すものです。

質問に答えるためのガイドライン

関連するコンテンツ