1 個回答
- 最新
- 最多得票
- 最多評論
0
By default config recording is not turned on in the Master Account (root). A quick glance at the link you provided highlights some of them are prior to organization features which have been introduced for SecurityHub and IAM Access Analyzer. This feature will allow you to delegate these services to another account as noted in the here for SecurityHub and here for IAM Access Analyzer.
So one option is to enable Config on the Master Account although it is better to delegate these services to an account outside of the Master Account. If you delegate these services and also enable organizations for SecurityHub any new account vended via Control Tower will be added.
已回答 2 年前
相關內容
- AWS 官方已更新 1 年前