AWS announces AWS Interconnect – multicloud (preview), providing simple, resilient, high-speed private connections to other cloud service providers. AWS Interconnect - multicloud is easy to configure and provides high-speed, resilient connectivity with dedicated bandwidth, enabling customers to interconnect AWS networking services such as AWS Transit Gateway, AWS Cloud WAN, and Amazon VPC to other cloud service providers with ease.
The way to set Resource Tagging Standard of Security Hub all at once?
Hi,
I would like to use newly released AWS Resource Tagging Standard v1.0.0 of Security Hub to inspect whether the required tags are applied across the AWS account uniformly.
On my understanding, the AWS Resource Tagging Standard v1.0.0 has a Standard for each AWS resource, and for each of them, you can set the required tag parameters, which can then be inspected via the Security Hub.
My question is, I understand that there are currently 85 Standards, but if I want to inspect all of them for the presence of a common tag, do I need to set a Parameter for each of the 85 Standards? Is there any way to set them all at once?
Thanks
- Language
- English
- Newest
- Most votes
- Most comments
Yes, you have to set each control separately to look for the same tag key. Otherwise, they'll consider the presence of any tag key as sufficient.
For applying the same settings across multiple accounts, you can use a central configuration policy in the delegated administrator AWS account for Security Hub to apply the same settings across many accounts. https://docs.aws.amazon.com/securityhub/latest/userguide/central-configuration-intro.html
To create the central configuration policy without configuring every control manually via the console, you can use CloudFormation resource types, including AWS::SecurityHub::ConfigurationPolicy: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-configurationpolicy.html
If you only want to configure the tags in one account, you can do that also with the CloudFormation resource type AWS::SecurityHub::SecurityControl: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-securitycontrol.html or via the command-line interface: https://awscli.amazonaws.com/v2/documentation/api/latest/reference/securityhub/update-security-control.html
Relevant content
- asked 2 years ago
