Deleted AWS resource still shows in AWS Security Hub findings

0

I had an S3 bucket with a FAILED compliance status in Security Hub and an open finding. I deleted that S3 bucket. However, even after 48 hours, the Security Hub finding was still showing as open. Shouldn't the finding get resolved/suppressed when the resource concerned (the S3 bucket in this case) no longer exists?

2 Answers
0

There are conditions for automatic deletion. AWS Security Hub findings backed by AWS Config are automatically archived when AWS Config identifies that a resource has been deleted. However, for some AWS service integrations, such as Amazon GuardDuty and third-party partner products, findings aren't automatically resolved or archived when a resource is deleted. This can result in orphaned findings for resources that no longer exist: https://docs.aws.amazon.com/securityhub/latest/userguide/controls-findings-create-update.html#securityhub-standards-results-updating

Here is a blog post you can review in order to control the resolution workflow: https://aws.amazon.com/blogs/security/automatically-resolve-security-hub-findings-for-resources-that-no-longer-exist/

Hope it helps,

Jon

AWS Expert
answered a year ago
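As an added illustration of the workflow Jon's answer points to (this is example code, not part of the answer, the linked blog post, or any AWS-provided tool): the script below pulls active Security Hub findings on S3 buckets, checks whether each bucket still exists, and marks the orphaned ones RESOLVED with BatchUpdateFindings. The boto3 calls (get_findings, batch_update_findings, head_bucket) and the ASFF field names are real; the sample findings, account ID, finding IDs, the "orphan-finding-cleanup" note text, and the DryRunSecurityHub stand-in client are constructed for the example. One caveat the code encodes: head_bucket returns 403, not 404, for a bucket that exists but is not readable by the caller (or belongs to another account), so only a 404/NoSuchBucket is treated as "gone".

```python
from __future__ import annotations

from typing import Callable, Iterable

BATCH_LIMIT = 100  # BatchUpdateFindings accepts at most 100 finding identifiers
_PRODUCT = "arn:aws:securityhub:us-east-1::product/aws/securityhub"


def _sample(n: int, control: str, rtype: str, rid: str) -> dict:
    """Build a constructed finding reduced to the ASFF fields used below."""
    return {
        "Id": f"arn:aws:securityhub:us-east-1:111122223333:security-control/{control}/finding/example-{n}",
        "ProductArn": _PRODUCT,
        "Resources": [{"Type": rtype, "Id": rid}],
        "RecordState": "ACTIVE",
        "Workflow": {"Status": "NEW"},
    }


# Constructed sample data (placeholder account and finding IDs), not real findings.
SAMPLE_FINDINGS = [
    _sample(1, "S3.1", "AwsS3Bucket", "arn:aws:s3:::deleted-bucket"),
    _sample(2, "S3.1", "AwsS3Bucket", "arn:aws:s3:::live-bucket"),
    _sample(3, "IAM.1", "AwsIamUser", "arn:aws:iam::111122223333:user/alice"),  # out of scope
]


def bucket_name_from_arn(arn: str) -> str | None:
    """'arn:aws:s3:::name' -> 'name'; None for anything that is not a bucket ARN."""
    prefix = "arn:aws:s3:::"
    if not arn.startswith(prefix):
        return None
    name = arn[len(prefix):]
    return name if name and "/" not in name else None  # object ARNs carry a '/'


def orphaned_s3_findings(findings: Iterable[dict],
                         bucket_exists: Callable[[str], bool]) -> list[dict]:
    """Findings whose every resource is an S3 bucket that no longer exists.

    Already-archived or already-resolved findings are skipped; a finding that
    also references a non-bucket resource is kept, so nothing with a live
    subject gets resolved.
    """
    orphans = []
    for f in findings:
        if f.get("RecordState") != "ACTIVE" or f.get("Workflow", {}).get("Status") == "RESOLVED":
            continue
        names = [bucket_name_from_arn(r.get("Id", "")) for r in f.get("Resources", [])]
        if names and all(n is not None and not bucket_exists(n) for n in names):
            orphans.append(f)
    return orphans


def resolve_batches(findings: Iterable[dict]) -> list[list[dict]]:
    """Chunk {Id, ProductArn} identifiers into BatchUpdateFindings-sized lists."""
    ids = [{"Id": f["Id"], "ProductArn": f["ProductArn"]} for f in findings]
    return [ids[i:i + BATCH_LIMIT] for i in range(0, len(ids), BATCH_LIMIT)]


def resolve_orphans(securityhub, findings: Iterable[dict],
                    bucket_exists: Callable[[str], bool]) -> int:
    """Mark orphaned findings RESOLVED via batch_update_findings; returns the count."""
    orphans = orphaned_s3_findings(findings, bucket_exists)
    for batch in resolve_batches(orphans):
        securityhub.batch_update_findings(
            FindingIdentifiers=batch,
            Workflow={"Status": "RESOLVED"},
            Note={"Text": "Resource no longer exists", "UpdatedBy": "orphan-finding-cleanup"},
        )
    return len(orphans)


class DryRunSecurityHub:
    """Constructed stand-in for the boto3 client: records calls instead of updating."""

    def __init__(self) -> None:
        self.calls: list[dict] = []

    def batch_update_findings(self, **kwargs) -> dict:
        self.calls.append(kwargs)
        return {"ProcessedFindings": kwargs["FindingIdentifiers"], "UnprocessedFindings": []}


def s3_bucket_exists(s3) -> Callable[[str], bool]:
    """bucket_exists check over a boto3 S3 client; only 404/NoSuchBucket means gone."""
    from botocore.exceptions import ClientError

    def exists(name: str) -> bool:
        try:
            s3.head_bucket(Bucket=name)
            return True
        except ClientError as e:
            code = e.response.get("Error", {}).get("Code", "")
            return code not in ("404", "NoSuchBucket", "NotFound")  # 403 etc.: keep it

    return exists


def main() -> None:
    import boto3

    sh = boto3.client("securityhub")
    filters = {  # only active, unresolved findings on S3 buckets
        "RecordState": [{"Value": "ACTIVE", "Comparison": "EQUALS"}],
        "WorkflowStatus": [{"Value": s, "Comparison": "EQUALS"} for s in ("NEW", "NOTIFIED")],
        "ResourceType": [{"Value": "AwsS3Bucket", "Comparison": "EQUALS"}],
    }
    pages = sh.get_paginator("get_findings").paginate(Filters=filters)
    findings = [f for page in pages for f in page["Findings"]]
    print("resolved", resolve_orphans(sh, findings, s3_bucket_exists(boto3.client("s3"))))


if __name__ == "__main__":
    main()
```

Run it as-is to update findings, or pass a DryRunSecurityHub() instead of the real client to see which identifiers would be resolved first. The decision logic is kept free of AWS calls so it can be checked against the constructed findings without credentials.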
0

Currently, we are using the Security Hub automation feature to resolve those findings. AWS Security Hub launches a new capability for automating actions to update findings | AWS Security Blog https://aws.amazon.com/blogs/security/aws-security-hub-launches-a-new-capability-for-automating-actions-to-update-findings/

answered 10 months ago
