Error about AWS Config in Master Account after setting up Control Tower and SecurityHub

0

Hello, in our Test Org. we installed Control Tower like described in (https://www.youtube.com/watch?v=CwRy0t8nfgM) after that we set up IAM Access Analyzer, GuardDuty and SecurityHub like described in (https://youtu.be/hhvs4ZHGdIg). In SecurityHub i get the message AWS Config is not active in the Masteraccount of the Org.. Does this conflict with CT when i activate it, if not why the set up templates and files from git dont activate it on installation?

Links followed for the set up:

ControlTower

SecurityHub etc.

1 Answer
0

By default config recording is not turned on in the Master Account (root). A quick glance at the link you provided highlights some of them are prior to organization features which have been introduced for SecurityHub and IAM Access Analyzer. This feature will allow you to delegate these services to another account as noted in the here for SecurityHub and here for IAM Access Analyzer.

So one option is to enable Config on the Master Account although it is better to delegate these services to an account outside of the Master Account. If you delegate these services and also enable organizations for SecurityHub any new account vended via Control Tower will be added.

AWS
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions