Security Hub with Organisations

0

When using AWS Security Hub with Organisations, do we need to enable and set up AWS Security Hub in each child account that exists in the organisation?

Asked 2 years ago · 1440 views
2 answers
2

You do need to enable Security Hub in each account and in each region that your workloads are hosted in, individually.

You can of course achieve this easily by using CloudFormation.

To use Security Hub within an AWS Organization, do the following:

  1. Choose one account (let's call it the security-tooling account, with id 123456789012) as your org-wide security tooling account.

  2. Delegate AWS Security Hub administration to this security-tooling account.

  3. If you are going to use other security services, it's best practice to make this security-tooling account the delegated administrator for those services as well (e.g. Amazon GuardDuty, Amazon Inspector).

  4. Enable AWS Config in every account and every region that you want to use AWS Security Hub in (this is because AWS Security Hub depends on AWS Config).

  5. Enable AWS Security Hub in every account and every region that you want to.

  6. In the security-tooling (delegated administrator) account, navigate to: Security Hub --> Settings --> Account Management.

  7. Here you will see the list of accounts in your AWS Organization. You can enable these accounts. This enablement is so that those accounts send findings to the security-tooling (delegated administrator) account.

  8. Check "auto enable accounts". When you do this, all subsequent accounts that get added to the organization will directly become members and start sending findings to the delegated administrator account (IF AWS SECURITY HUB IS ENABLED IN THOSE ACCOUNTS).

  9. Finally, navigate to Security Hub --> Settings --> Regions. Select an aggregation region and add linked regions, so as to aggregate findings in one region.

KEY POINT: An account may become a member but that would be of no use if AWS Security Hub is not enabled in it. An account may have AWS Security Hub enabled in it, but your findings will not be centralised if it is not made member account.

AWS
Answered 1 year ago
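The KEY POINT above (member-but-not-enabled versus enabled-but-not-member) is easy to check mechanically. The script below is an added example, not part of the answer or of any AWS tooling. It assumes the operator has already exported three things from the CLI: `aws organizations list-accounts`, `aws securityhub list-members --only-associated false` run in the delegated administrator account, and the set of (account, region) pairs in which `aws securityhub describe-hub` succeeded. The account IDs, names and regions in the sample data are constructed, and the region list `REQUIRED_REGIONS` is an assumption standing in for wherever your workloads run.

```python
"""Reconcile AWS Organizations membership against Security Hub coverage.

Added example (not from the answer or from AWS). Inputs mirror the JSON shape of:
  - `aws organizations list-accounts`                        -> ORG_ACCOUNTS
  - `aws securityhub list-members --only-associated false`    -> MEMBERS
    (run in the delegated administrator account)
  - (account, region) pairs where `aws securityhub describe-hub`
    returned a HubArn, i.e. Security Hub is enabled there     -> HUB_ENABLED
All values below are constructed sample data, not real accounts.
"""
from __future__ import annotations

from dataclasses import dataclass, field

ADMIN_ACCOUNT = "123456789012"                 # constructed: delegated administrator
REQUIRED_REGIONS = ("eu-west-1", "us-east-1")  # assumption: regions hosting workloads

ORG_ACCOUNTS = {"Accounts": [
    {"Id": "123456789012", "Name": "security-tooling", "Status": "ACTIVE"},
    {"Id": "111111111111", "Name": "workload-a", "Status": "ACTIVE"},
    {"Id": "222222222222", "Name": "workload-b", "Status": "ACTIVE"},
    {"Id": "333333333333", "Name": "sandbox", "Status": "ACTIVE"},
    {"Id": "444444444444", "Name": "closed", "Status": "SUSPENDED"},
]}

MEMBERS = {"Members": [
    {"AccountId": "111111111111", "MemberStatus": "Enabled"},
    {"AccountId": "222222222222", "MemberStatus": "Enabled"},
    {"AccountId": "444444444444", "MemberStatus": "Removed"},
]}

HUB_ENABLED = {
    ("123456789012", "eu-west-1"), ("123456789012", "us-east-1"),
    ("111111111111", "eu-west-1"), ("111111111111", "us-east-1"),
    ("222222222222", "eu-west-1"),                       # us-east-1 never enabled
    ("333333333333", "eu-west-1"), ("333333333333", "us-east-1"),
}


@dataclass
class Gaps:
    admin_missing_regions: list[str] = field(default_factory=list)
    member_not_enabled: dict[str, list[str]] = field(default_factory=dict)
    enabled_not_member: list[str] = field(default_factory=list)
    not_member_not_enabled: list[str] = field(default_factory=list)


def coverage_gaps(org, members, hub_enabled, regions, admin_id) -> Gaps:
    """Classify every ACTIVE org account by membership and per-region enablement."""
    active = {a["Id"] for a in org["Accounts"] if a["Status"] == "ACTIVE"}
    active.discard(admin_id)
    member_ids = {m["AccountId"] for m in members["Members"]
                  if m["MemberStatus"] == "Enabled"}
    gaps = Gaps()

    admin_regions = {r for (a, r) in hub_enabled if a == admin_id}
    gaps.admin_missing_regions = [r for r in regions if r not in admin_regions]

    for acct in sorted(active):
        enabled_regions = {r for (a, r) in hub_enabled if a == acct}
        missing = [r for r in regions if r not in enabled_regions]
        if acct in member_ids:
            if missing:                       # member, but nothing to send from these regions
                gaps.member_not_enabled[acct] = missing
        elif enabled_regions:                 # findings exist but are never centralised
            gaps.enabled_not_member.append(acct)
        else:                                 # neither step of the procedure done
            gaps.not_member_not_enabled.append(acct)
    return gaps


def report(gaps: Gaps) -> list[str]:
    """Render the gaps as one line per problem, suitable for a ticket or a log."""
    lines = []
    if gaps.admin_missing_regions:
        lines.append(f"admin account lacks Security Hub in: {', '.join(gaps.admin_missing_regions)}")
    for acct, regions in gaps.member_not_enabled.items():
        lines.append(f"{acct}: member but Security Hub not enabled in {', '.join(regions)}")
    for acct in gaps.enabled_not_member:
        lines.append(f"{acct}: Security Hub enabled but not a member (findings not centralised)")
    for acct in gaps.not_member_not_enabled:
        lines.append(f"{acct}: neither member nor enabled")
    return lines or ["no coverage gaps"]


if __name__ == "__main__":
    for line in report(coverage_gaps(ORG_ACCOUNTS, MEMBERS, HUB_ENABLED,
                                     REQUIRED_REGIONS, ADMIN_ACCOUNT)):
        print(line)
```

Suspended accounts are skipped on purpose (their member status is typically already "Removed"), and the delegated administrator is checked separately because it is never a member of itself. On the sample data the script flags workload-b as a member with no Security Hub in us-east-1 and sandbox as enabled but never made a member, which are exactly the two failure modes the KEY POINT describes.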
0

When you use both Security Hub and AWS Organizations together, you can automatically enable Security Hub for all of your accounts, including new accounts as they are added. This increases the coverage for Security Hub checks and findings, which provides a more comprehensive and accurate picture of your overall security posture.

The detailed instructions are here: https://docs.aws.amazon.com/securityhub/latest/userguide/accounts-transition-to-orgs.html

smoy
Answered 2 years ago
  • I have enabled that and I can see the child accounts in the master's Security Hub; however, there are no findings for the sub accounts. If a security standard has been enabled in the master Security Hub, then does it automatically propagate to the linked accounts?
