aws-samples / aws-secure-environment-accelerator

The AWS Secure Environment Accelerator is a tool designed to help deploy and operate secure multi-account, multi-region AWS environments on an ongoing basis. The power of the solution is the configuration file which enables the completely automated deployment of customizable architectures within AWS without changing a single line of code.
Apache License 2.0
725 stars 233 forks

[FEATURE] Remove retired AWS Security Hub controls #1192

Closed ColinL2021 closed 10 months ago

ColinL2021 commented 11 months ago

Required Basic Info
To properly assess the enhancement request, we require information on the version of the Accelerator you based this request upon:

Is your feature request related to a problem? Please describe.
There are AWS Security Hub controls that have been retired. Refer to: https://docs.aws.amazon.com/securityhub/latest/userguide/doc-history.html

Retiring the Lambda.4 control: Security Hub is retiring the control [Lambda.4] Lambda functions should have a dead-letter queue configured. When a control is retired, it no longer displays on the console, and Security Hub does not perform checks against it.

Retiring the PCI.EC2.3 control: Security Hub is retiring the control [PCI.EC2.3] Unused EC2 security groups should be removed. When a control is retired, it no longer displays on the console, and Security Hub does not perform checks against it.

Describe the solution you'd like
A clear and concise description of what you want to happen.
Remove the controls Lambda.4 and PCI.EC2.3 from all sample configs in the "security-hub-frameworks" section under "controls-to-disable".

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.
N/A

Additional context
Add any other context or screenshots about the feature request here.
N/A

archikierstead commented 10 months ago

merged
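
The cleanup requested in this issue can be scripted against any copy of the configuration file. The following is an added example, not code from the issue or from the Accelerator project: it removes the two retired control IDs from every "controls-to-disable" list under "security-hub-frameworks" and reports where each one was found. The sample config, its nesting ("global-options", "standards") and the "unrelated-section" key are constructed assumptions.

```python
import json

# Control IDs this issue names as retired by Security Hub.
RETIRED = {"Lambda.4", "PCI.EC2.3"}

# Constructed sample input; the nesting below "security-hub-frameworks" is assumed.
SAMPLE_JSON = """
{
  "global-options": {
    "security-hub-frameworks": {
      "standards": [
        {"name": "AWS Foundational Security Best Practices v1.0.0",
         "controls-to-disable": ["IAM.1", "Lambda.4"]},
        {"name": "PCI DSS v3.2.1",
         "controls-to-disable": ["PCI.EC2.3", "PCI.IAM.3"]},
        {"name": "CIS AWS Foundations Benchmark v1.2.0",
         "controls-to-disable": ["CIS.1.20"]}
      ]
    }
  },
  "unrelated-section": {"controls-to-disable": ["Lambda.4"]}
}
"""

def sample_config():
    """Return a fresh copy of the constructed sample config."""
    return json.loads(SAMPLE_JSON)

def prune_retired(node, retired=RETIRED, in_section=False, path="$"):
    """Drop retired IDs from each "controls-to-disable" list found under a
    "security-hub-frameworks" key. Mutates node; returns [(path, id), ...]."""
    removed = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            inside = in_section or key == "security-hub-frameworks"
            if inside and key == "controls-to-disable" and isinstance(value, list):
                removed += [(child, c) for c in value if c in retired]
                value[:] = [c for c in value if c not in retired]
            else:
                removed += prune_retired(value, retired, inside, child)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            removed += prune_retired(item, retired, in_section, f"{path}[{i}]")
    return removed

if __name__ == "__main__":
    config = sample_config()
    for where, control in prune_retired(config):
        print(f"removed {control} from {where}")
```

Lists outside the "security-hub-frameworks" section are left untouched, and a second run over the same data reports nothing, so the function also works as a check that a config is already clean.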