This repository is intended for anyone that wants to get started setting up Security Hub.

It will enable Security Hub, AWS Config, CloudTrail and GuardDuty across your AWS Organizations member accounts and regions. It will also configure Security Hub to use the Consolidated findings feature and disable security controls based on Guidance from AWS.

This repository uses Infrastructure as Code to set up Security Hub. The advantages are:

• you can review/audit the configuration of Security hub within source control
• the deployment is automated and no manual steps are needed
• you can modify and redeploy changes to your Security Hub configuration at any time to best fit your organizations need.

The quickstart uses the org-formation to deploy cloudformation templates, however it supports any AWS Organization (built with org-formation or otherwise) and wont make any changes to your AWS Organization.

All you have to do is to modify the organization-parameters.yml file and add the AccountId of your Security and LogArchive accounts and you are done.

1. fork this repo
2. modify the values in organization-parameters.yml
3. ensure you are signed into the management account of your AWS Organization
4. run the following command to deploy Security Hub: npm ci && npm run perform-tasks
5. discuss, exchange best practices or get help on slack