- Mais recentes
- Mais votos
- Mais comentários
Yes, the behavior of the management account not being automatically enrolled or having Config and Security Hub enabled by default is expected behavior. The management account in an AWS Organization has a special status as the root account and is not part of any Organizational Unit (OU). The automatic enrollment and service enablement processes are designed to target accounts within OUs, but they typically do not apply to the management account itself due to its distinct role and configuration.
This is an intentional design decision by AWS to maintain separation and control over the management account, which serves as the central administrative account for the entire AWS Organization. The management account is treated differently from other accounts to prevent unintended changes or configurations from being applied automatically.
Conteúdo relevante
- AWS OFICIALAtualizada há 2 anos
- AWS OFICIALAtualizada há 3 anos
- AWS OFICIALAtualizada há um ano
- AWS OFICIALAtualizada há 2 anos
Since you say "management account not being automatically enrolled or having Config and Security Hub enabled by default is expected behavior." Does that mean the management account is not an account we want to monitor (by monitor i mean find security findings) on securityhub at all? I assumed we were supposed to monitor all accounts including management account as well.