aws-samples / aws-secure-environment-accelerator

The AWS Secure Environment Accelerator is a tool designed to help deploy and operate secure multi-account, multi-region AWS environments on an ongoing basis. The power of the solution is the configuration file which enables the completely automated deployment of customizable architectures within AWS without changing a single line of code.
Apache License 2.0

Feature to integrate/enable support for CIS AWS Foundations Benchmark v3.0.0 Security Hub Framework #1227

Open sunilabi-asea2 opened 4 months ago

sunilabi-asea2 commented 4 months ago

I'm looking for the new Security Hub feature that aligns with the CIS AWS Foundations Benchmark v3.0.0 to be integrated and enabled within my organization's ASEA environment.

Brian969 commented 4 months ago

a) Did you test this? The way we wrote the code, I'd bet it works; b) ASEA is on a path to deprecation in 2025 and is not receiving any new features/functionality.

sunilabi-asea2 commented 3 months ago

Tested and it failed.

PBMMAccel-Security-Phase2 | 12:17:19 PM | UPDATE_FAILED | Custom::SecurityHubSendInvites | SecurityPhase2ApSoutheast_1/SecurityHubMasterAccountSetup/InviteMembersSecurityHubStandards-security-Settings/Resource/Default (SecurityHubMasterAccountSetupInviteMembersSecurityHubStandardssecuritySettings10E03122) Received response status [FAILED] from custom resource. Message returned: AccessDeniedException: Account xxxxxxxxx is managed by a configuration policy (RequestId: 7c580b36-eb2e-xxxxxxx)