- Neueste
- Die meisten Stimmen
- Die meisten Kommentare
Yes, the behavior of the management account not being automatically enrolled or having Config and Security Hub enabled by default is expected behavior. The management account in an AWS Organization has a special status as the root account and is not part of any Organizational Unit (OU). The automatic enrollment and service enablement processes are designed to target accounts within OUs, but they typically do not apply to the management account itself due to its distinct role and configuration.
This is an intentional design decision by AWS to maintain separation and control over the management account, which serves as the central administrative account for the entire AWS Organization. The management account is treated differently from other accounts to prevent unintended changes or configurations from being applied automatically.
Relevanter Inhalt
- AWS OFFICIALAktualisiert vor 2 Jahren
- AWS OFFICIALAktualisiert vor einem Jahr
Since you say "management account not being automatically enrolled or having Config and Security Hub enabled by default is expected behavior." Does that mean the management account is not an account we want to monitor (by monitor i mean find security findings) on securityhub at all? I assumed we were supposed to monitor all accounts including management account as well.