2 Answers
- Newest
- Most votes
- Most comments
1
I have been seeing this issue as well. At re:Invent this year I had many discussions around this and am working with an SA to demonstrate the problem. The SH Check Lags behind Control Tower protect that setting on Config in all regions that are not your primary/home. The alternative I am looking at currently is to globally disable the check with a description using this solution: https://github.com/aws-samples/aws-security-hub-cross-account-controls-disabler
Let me know if you have any questions on that. I have successfully deployed it and testing CIS checks currently.
answered a year ago
0
Thanks, good to know that I'm not seeing things. The global enabler/disabler solution is interesting but I wish the SH team would make this a feature of delegated management.
answered a year ago
Relevant content
- asked 3 days ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 10 months ago