- 최신
- 최다 투표
- 가장 많은 댓글
Yes, the behavior of the management account not being automatically enrolled or having Config and Security Hub enabled by default is expected behavior. The management account in an AWS Organization has a special status as the root account and is not part of any Organizational Unit (OU). The automatic enrollment and service enablement processes are designed to target accounts within OUs, but they typically do not apply to the management account itself due to its distinct role and configuration.
This is an intentional design decision by AWS to maintain separation and control over the management account, which serves as the central administrative account for the entire AWS Organization. The management account is treated differently from other accounts to prevent unintended changes or configurations from being applied automatically.
관련 콘텐츠
- AWS 공식업데이트됨 2년 전
Since you say "management account not being automatically enrolled or having Config and Security Hub enabled by default is expected behavior." Does that mean the management account is not an account we want to monitor (by monitor i mean find security findings) on securityhub at all? I assumed we were supposed to monitor all accounts including management account as well.