Comments (3)
ok, Thank you Ryan. I really found this asset very useful.
It would have been great if we could just enable CIS best practices without the "Foundational Security Best Practices " using the enablesecurityhub.py. As a workaround we will run the disablesecurityhub.py as you suggested.
I will explore the delegated administrator feature to enable Security Hub.
thank you
from aws-securityhub-multiaccount-scripts.
When enabling Security Hub via the API both CIS and Foundational Security Best Practices are now enabled by default. If you want to disable the Foundational Security Best Practices standard you can use the disablesecurityhub.py script in this repo with the '--disable_standards_only' option to disable that standard.
Also if you use AWS Organizations you might want to leverage the delegated administrator feature to enable Security Hub on all accounts, and any new accounts with the auto-enable feature. https://docs.aws.amazon.com/securityhub/latest/userguide/designate-orgs-admin-account.html
from aws-securityhub-multiaccount-scripts.
I upvote on this. there is no point in enabling the Foundational Security Best Practices when using the enablesecurity.py
script
from aws-securityhub-multiaccount-scripts.
Related Issues (20)
- AccessDenied when calling the AssumeRole operation
- InvalidInputException HOT 2
- Invalid length for parameter StandardsSubscriptionRequests HOT 2
- AWS Foundational Security Best Practices controls HOT 2
- Error with not-opted-in regions with unspecified --enabled_regions
- Unable to run locally
- Will script support setting up master accounts only for now?
- Error Processing Account HOT 4
- It fails with incorrect error for each region not already enabled HOT 16
- CSV example needed HOT 1
- AWS Config not enabled and SNS topics creation
- Feature: Enable for all accounts in organization HOT 5
- sts:AssumeRole fails for sso user and iam account user HOT 2
- Fails and leaves the accounts in a broken state...
- Doesn't notice failures due to not waiting for config to enable
- Should this work in GovCloud?
- Getting timeout error after assuming role in check_config() part HOT 1
- Disable Security Hub on a particular region
- Error: The state/task 'UpdateMembers' returned a result with a size exceeding the maximum number of bytes service limit. HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from aws-securityhub-multiaccount-scripts.