AWS Config: securityhub-cloudformation-stack-notification-check


Hi all,

I have a conformance pack deployed in AWS Config.

When turning on SecurityHub with the default standards, it created Config rules, and one of the rules is securityhub-cloudformation-stack-notification-check, which checks for CloudFormation stacks without notification configured.

As AWS Config deployed the conformance pack, it actually created a CloudFormation stack which is noncompliant with the securityhub-cloudformation-stack-notification-check rule. I can't change this stack via the Console or the CLI due to a permission issue.

Is there a workaround?

Regards,

Trung

Trung
asked 3 months ago, 193 views
1 Answer

You can attempt to modify the CloudFormation stack to add notification configurations using the AWS CLI or SDK. However, this might not be possible if the stack is managed by AWS and has restricted permissions. You can create an exclusion for the securityhub-cloudformation-stack-notification-check rule for the specific CloudFormation stack created by AWS Config.

Jagan
answered 3 months ago
  • Yeah, I can't change the stack, as it's managed by AWS, as mentioned in my question.

    How can I create an exclusion? The rule doesn't have any input parameter for stack exclusion, and I can't find a way in SecurityHub either.
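To make the rule's check and the answer's suggested remediation concrete, here is an added example (not code from AWS, the re:Post answer, or the conformance pack). It models the securityhub-cloudformation-stack-notification-check evaluation offline on constructed data shaped like boto3's `describe_stacks()["Stacks"]` output, and builds the `update_stack` keyword arguments that would add a notification topic. The stack names, account id, SNS topic ARN and the `awsconfigconforms-` prefix used to recognise the conformance-pack stack are assumptions; the real stack from the question cannot be updated by the account, so such stacks are reported separately instead of producing an update call.

```python
"""Offline model of the securityhub-cloudformation-stack-notification-check
rule: find CloudFormation stacks with no SNS notification ARNs and build the
update_stack parameters that would add one.

Added example for this thread, not AWS or re:Post code. Runs on constructed
data in the shape of boto3.client("cloudformation").describe_stacks()["Stacks"];
stack names, account id, topic ARN and the managed-stack prefix are assumed.
"""
from typing import Dict, List, Sequence

# Constructed sample input (same keys as the real describe_stacks output).
SAMPLE_STACKS: List[Dict] = [
    {"StackName": "app-api", "StackStatus": "UPDATE_COMPLETE",
     "NotificationARNs": ["arn:aws:sns:us-east-1:111122223333:cfn-events"]},
    {"StackName": "app-db", "StackStatus": "CREATE_COMPLETE",
     "NotificationARNs": []},
    # Stands in for the stack the conformance pack created in the question;
    # the name is a placeholder built on the assumed "awsconfigconforms-" prefix.
    {"StackName": "awsconfigconforms-example-pack-abc123",
     "StackStatus": "CREATE_COMPLETE", "NotificationARNs": []},
    # A deleted stack is still listed for a while but is not evaluated.
    {"StackName": "old-stack", "StackStatus": "DELETE_COMPLETE",
     "NotificationARNs": []},
]

NOTIFICATION_TOPIC = "arn:aws:sns:us-east-1:111122223333:cfn-events"  # assumed topic
MANAGED_PREFIXES: Sequence[str] = ("awsconfigconforms-",)  # assumed naming convention


def evaluate(stacks: List[Dict]) -> Dict[str, str]:
    """Map each live stack name to COMPLIANT or NON_COMPLIANT.

    A stack is compliant when it has at least one NotificationARN; stacks in
    DELETE_COMPLETE are skipped because nothing can be updated on them.
    """
    results: Dict[str, str] = {}
    for stack in stacks:
        if stack.get("StackStatus") == "DELETE_COMPLETE":
            continue
        arns = stack.get("NotificationARNs") or []
        results[stack["StackName"]] = "COMPLIANT" if arns else "NON_COMPLIANT"
    return results


def remediation_params(stacks: List[Dict],
                       topic_arn: str = NOTIFICATION_TOPIC,
                       managed_prefixes: Sequence[str] = MANAGED_PREFIXES) -> Dict[str, list]:
    """Build update_stack() keyword arguments for each noncompliant stack the
    account can be expected to modify.

    Stacks carrying a service-managed prefix are listed under managed_skipped:
    as the thread notes, the account cannot update them, so a call would only
    fail. The kwargs use parameter names from boto3's update_stack signature.
    """
    fixable, managed = [], []
    for name, status in evaluate(stacks).items():
        if status == "COMPLIANT":
            continue
        if any(name.startswith(prefix) for prefix in managed_prefixes):
            managed.append(name)
            continue
        fixable.append({
            "StackName": name,
            "UsePreviousTemplate": True,  # keep the stack's resources unchanged
            "NotificationARNs": [topic_arn],
        })
    return {"update_stack_calls": fixable, "managed_skipped": managed}


if __name__ == "__main__":
    import json
    print(json.dumps(evaluate(SAMPLE_STACKS), indent=2))
    print(json.dumps(remediation_params(SAMPLE_STACKS), indent=2))
```

Against a real account the input would be `boto3.client("cloudformation").describe_stacks()["Stacks"]`, and each entry in `update_stack_calls` would be passed to `client.update_stack(**kwargs)`; stacks with template parameters or IAM resources additionally need `Parameters` entries with `UsePreviousValue=True` and the matching `Capabilities`. The managed-prefix skip only avoids a failing call; it does not change how the Config rule evaluates that stack, which is the gap the follow-up comment describes.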
