Security Hub central configuration policy through LZA?

0

Hi all

I deployed my landing zone through LZA - https://aws.amazon.com/solutions/implementations/landing-zone-accelerator-on-aws/. Now I want to configure a Security Hub central configuration policy. How can I do that through LZA?

Thanks.

1 Answer
-1

I apologize, but I don't have specific information about configuring Security Hub central configuration policy through the Landing Zone Accelerator (LZA) on AWS. The Landing Zone Accelerator is not mentioned in the provided sources about AWS Security Hub central configuration.

However, I can provide general information about setting up Security Hub central configuration:

To use central configuration in Security Hub, you need to integrate Security Hub with AWS Organizations and designate a delegated administrator account. This account must be in your intended home Region.

As the delegated administrator, you can create configuration policies from the Security Hub console in the home Region. You can create a single policy for your entire organization or different policies for various accounts and organizational units (OUs).

To create a configuration policy:

  1. Sign in to the AWS Security Hub console using the delegated administrator account credentials in the home Region.
  2. Navigate to Configuration and the Policies tab, then choose "Create policy".
  3. You can choose to use the AWS recommended Security Hub configuration across your entire organization, create a custom policy, or delay configuration.

Custom policies allow you to specify which Security Hub services to enable, which standards and controls to enable, and set custom parameter values for specific controls.

After creating a policy, you need to associate it with at least one account, OU, or the root of your organization for it to take effect. The policy will apply in the home Region and all linked Regions.

To implement this through LZA, you might need to customize your LZA configuration or use additional AWS CloudFormation templates or scripts to set up the Security Hub central configuration after the initial LZA deployment. However, for specific guidance on integrating this with LZA, you may need to consult AWS documentation or support specific to the Landing Zone Accelerator solution.

Sources
Creating and associating configuration policies - AWS Security Hub
Enabling Security Hub - AWS Security Hub
Understanding central configuration in Security Hub - AWS Security Hub

answered 2 months ago
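
The console steps in the answer above (create a custom policy, then associate it with an account, OU or the root) can also be done through the Security Hub API. The following is an added example, not part of the original answer and not LZA configuration. It assumes boto3, credentials for the delegated administrator account, and central configuration already enabled; the function names, control choices and sample IDs are constructed for illustration.

```python
import re

# AWS Foundational Security Best Practices standard; the ARN is Region-specific.
FSBP = "arn:aws:securityhub:{region}::standards/aws-foundational-security-best-practices/v/1.0.0"

def build_policy(region, disabled_controls=(), enabled_controls=(), custom_params=None):
    """Return the ConfigurationPolicy document for a custom policy."""
    # The API accepts an enabled list or a disabled list of controls, not both.
    if disabled_controls and enabled_controls:
        raise ValueError("list either enabled or disabled controls, not both")
    controls = {}
    if enabled_controls:
        controls["EnabledSecurityControlIdentifiers"] = sorted(enabled_controls)
    else:
        controls["DisabledSecurityControlIdentifiers"] = sorted(disabled_controls)
    if custom_params:
        controls["SecurityControlCustomParameters"] = [
            {"SecurityControlId": cid,
             "Parameters": {name: {"ValueType": "CUSTOM", "Value": value}
                            for name, value in params.items()}}
            for cid, params in sorted(custom_params.items())]
    return {"SecurityHub": {
        "ServiceEnabled": True,
        "EnabledStandardIdentifiers": [FSBP.format(region=region)],
        "SecurityControlsConfiguration": controls}}

def association_target(target_id):
    """Map an account ID, OU ID or root ID to the API's Target structure."""
    if re.fullmatch(r"\d{12}", target_id):
        return {"AccountId": target_id}
    if re.fullmatch(r"ou-[0-9a-z]{4,32}-[0-9a-z]{8,32}", target_id):
        return {"OrganizationalUnitId": target_id}
    if re.fullmatch(r"r-[0-9a-z]{4,32}", target_id):
        return {"RootId": target_id}
    raise ValueError(f"not an account, OU or root ID: {target_id!r}")

def apply_policy(name, policy, target_ids, home_region):
    """Create the policy and associate it; run as the delegated administrator."""
    import boto3  # imported here so the builders above work without AWS access
    hub = boto3.client("securityhub", region_name=home_region)
    created = hub.create_configuration_policy(
        Name=name, Description="Custom policy (example)", ConfigurationPolicy=policy)
    for target_id in target_ids:
        hub.start_configuration_policy_association(
            ConfigurationPolicyIdentifier=created["Id"],
            Target=association_target(target_id))
    return created["Id"]
```

Validating the target IDs and the control lists before calling the API catches a malformed policy locally instead of leaving part of the organization without the intended configuration.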
