AWS Config: securityhub-cloudformation-stack-notification-check


Hi all,

I have a conformance pack deployed in AWS Config.

When turning on SecurityHub with the default standards, it created Config rules, and one of the rules is securityhub-cloudformation-stack-notification-check, which checks for CloudFormation stacks without notifications configured.

As AWS Config deployed the conformance pack, it actually created a CloudFormation stack which is noncompliant with the securityhub-cloudformation-stack-notification-check rule. I can't change this stack via the Console or the CLI due to a permission issue.

Is there a workaround?

Regards,

Trung

Trung
Asked 3 months ago, viewed 194 times
1 answer

You can attempt to modify the CloudFormation stack to add notification configurations using the AWS CLI or SDK. However, this might not be possible if the stack is managed by AWS and has restricted permissions. You can create an exclusion for the securityhub-cloudformation-stack-notification-check rule for the specific CloudFormation stack created by AWS Config.

Jagan
Answered 3 months ago
  • Yeah, can't change the Stack as it's managed by AWS as mentioned in my question.

    How can I create an exclusion? The rule doesn't have any input parameter for stack exclusion, and I can't find a way in SecurityHub either.
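The CLI/SDK route from the answer above, written out as an added example (not code from the thread or from AWS): it lists the stacks that have no notification ARNs, which is exactly the condition the securityhub-cloudformation-stack-notification-check rule reports, and tries to add an SNS topic to each with UpdateStack, keeping the existing template and parameter values. The permission problem described in the question is the expected failure mode, so an AccessDenied on a stack is recorded rather than stopping the run. The stack names, ARNs, and the in-memory fake client are constructed so the script runs offline; with a real `boto3.client("cloudformation")` passed to `remediate`, the same code runs against an account.

```python
"""Find CloudFormation stacks with no notification ARNs and try to add an SNS
topic to each with UpdateStack, recording stacks the caller cannot change.

Added example; stack names, ARNs and the fake client below are constructed.
"""


class FakeClientError(Exception):
    """Stand-in for botocore.exceptions.ClientError with the same .response shape."""

    def __init__(self, code, message):
        super().__init__(message)
        self.response = {"Error": {"Code": code, "Message": message}}


def stacks_missing_notifications(stacks):
    """Names of stacks whose NotificationARNs list is empty or absent."""
    return [s["StackName"] for s in stacks if not s.get("NotificationARNs")]


def build_update_request(stack, topic_arn):
    """UpdateStack arguments that add topic_arn while keeping the deployed
    template, parameter values and capabilities unchanged."""
    arns = sorted(set(stack.get("NotificationARNs", [])) | {topic_arn})
    request = {
        "StackName": stack["StackName"],
        "UsePreviousTemplate": True,
        "NotificationARNs": arns,
    }
    params = stack.get("Parameters", [])
    if params:
        request["Parameters"] = [
            {"ParameterKey": p["ParameterKey"], "UsePreviousValue": True} for p in params
        ]
    if stack.get("Capabilities"):
        request["Capabilities"] = list(stack["Capabilities"])
    return request


def remediate(cfn, topic_arn):
    """Walk every stack (following NextToken) and attempt the update on the
    non-compliant ones. cfn is a boto3 CloudFormation client or any object
    exposing describe_stacks/update_stack. Returns {stack name: outcome}."""
    outcomes = {}
    token = None
    while True:
        page = cfn.describe_stacks(**({"NextToken": token} if token else {}))
        for stack in page["Stacks"]:
            if stack.get("NotificationARNs"):
                continue  # already compliant
            name = stack["StackName"]
            try:
                cfn.update_stack(**build_update_request(stack, topic_arn))
                outcomes[name] = "update-started"
            except Exception as exc:  # botocore ClientError in live use
                err = getattr(exc, "response", {}).get("Error", {})
                outcomes[name] = "skipped (%s)" % err.get("Code", type(exc).__name__)
        token = page.get("NextToken")
        if not token:
            break
    return outcomes


# --- constructed sample data and a fake client so the script runs offline ---
TOPIC_ARN = "arn:aws:sns:us-east-1:123456789012:stack-events-EXAMPLE"
SAMPLE_STACKS = [
    # AWS-managed conformance pack stack: no topic, and our principal may not touch it
    {"StackName": "awsconfigconforms-pack-EXAMPLE", "NotificationARNs": []},
    {"StackName": "app-with-topic",
     "NotificationARNs": ["arn:aws:sns:us-east-1:123456789012:existing-EXAMPLE"]},
    {"StackName": "app-without-topic", "NotificationARNs": [],
     "Parameters": [{"ParameterKey": "Env", "ParameterValue": "prod"}],
     "Capabilities": ["CAPABILITY_IAM"]},
]


class FakeCloudFormation:
    """Minimal stand-in for the boto3 client: one page of stacks, and
    UpdateStack is denied on the AWS-managed conformance pack stack."""

    def __init__(self):
        self.updates = []

    def describe_stacks(self, **kwargs):
        return {"Stacks": SAMPLE_STACKS}

    def update_stack(self, **request):
        if request["StackName"].startswith("awsconfigconforms-"):
            raise FakeClientError("AccessDenied", "not authorized to perform UpdateStack")
        self.updates.append(request)
        return {"StackId": "arn:aws:cloudformation:us-east-1:123456789012:stack/EXAMPLE"}


if __name__ == "__main__":
    client = FakeCloudFormation()
    print("non-compliant:", stacks_missing_notifications(SAMPLE_STACKS))
    for name, outcome in remediate(client, TOPIC_ARN).items():
        print(f"{name}: {outcome}")
```

The stacks reported as "skipped (AccessDenied)" are the ones the thread is about: they need a different owner or a different control, since UpdateStack cannot be forced from a principal that lacks permission on an AWS-managed stack.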
