AaronSchuetter
commented
1 month ago The runbook for this remediation is generated with the code in your screenshot and does not require a runbook in remediation_runbooks.
You will find a SSM automation document called ASR-NIST80053R5_5.0.0_EC2.13. Looking at this document shows that this remediation uses the AWS managed SSM document, AWS-DisablePublicAccessForSecurityGroup, to perform the remediation. This requires no custom scripts in remediation_runbooks/scripts.
I have tested this remediation in us-gov-west-1 and was able to successfully remediate the finding with ASR.
This remediation may be failing for another reason in your account. You can check the SO0111-SHARR-Orchestrator Step Function execution for an error message to further debug.
Describe the bug
EC2.13 points to a remediation runbook called "DisablePublicAccessForSecurityGroup" that doesn't seem to exist.
To Reproduce
Attempt to remediate finding for EC2.13 in Security Hub.
Expected behavior
Security group that failed the check will be remediated
Please complete the following information about the solution:
[ ] Version: (SO0111P) Automated Security Response on AWS NIST80053R5 5.0.0 Compliance Pack - Admin Account, v2.1.1
[ ] Region: [e.g. US-Gov-West]
[ ] Was the solution modified from the version published on this repository? No
[ ] If the answer to the previous question was yes, are the changes available on GitHub?
[ ] Have you checked your service quotas for the sevices this solution uses? N/A
[ ] Were there any errors in the CloudWatch Logs? Troubleshooting No
Screenshots If applicable, add screenshots to help explain your problem (please DO NOT include sensitive information).
Additional context Add any other context about the problem here.