Open steve-g-nz opened 4 months ago
@steve-g-nz thank you for reaching out. Please may you provide more context on:
@snebhu3 the template as documented deploys step functions that fail the Security Hub control StepFunctions.1, which is part of the AWS Foundational Security Best Practices v1.0.0 standard. To prevent the control from failing, the template would need to include logging for the state machines, which would require the addition of a CloudWatch log group and adding the relevant IAM permissions to the execution role.
Thank you for the additional context. I have created an internal backlog to address this.
The template as currently provided fails the StepFunctions.1 Security Hub control.
Please update the custom-control-tower-initiation.template to include the following:
logs
IAM policies

Additional context
StepFunctions.1
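
Added example, not part of the original issue or the project's code: a pre-deployment check that flags `AWS::StepFunctions::StateMachine` resources in a CloudFormation template that have no usable `LoggingConfiguration`, which is the condition the issue says causes StepFunctions.1 to fail. It assumes a JSON-form template; the resource names and account ID in the sample are constructed, and the check does not verify the execution role's IAM permissions.

```python
import json

# Constructed sample template (JSON form). Resource names are hypothetical
# and are not taken from custom-control-tower-initiation.template.
SAMPLE_TEMPLATE = json.loads("""
{
  "Resources": {
    "UnloggedStateMachine": {
      "Type": "AWS::StepFunctions::StateMachine",
      "Properties": {"RoleArn": "arn:aws:iam::111111111111:role/example"}
    },
    "LoggingOffStateMachine": {
      "Type": "AWS::StepFunctions::StateMachine",
      "Properties": {"LoggingConfiguration": {"Level": "OFF"}}
    },
    "LoggedStateMachine": {
      "Type": "AWS::StepFunctions::StateMachine",
      "Properties": {
        "LoggingConfiguration": {
          "Level": "ALL",
          "Destinations": [{"CloudWatchLogsLogGroup": {
            "LogGroupArn": {"Fn::GetAtt": ["StateMachineLogGroup", "Arn"]}}}]
        }
      }
    },
    "StateMachineLogGroup": {"Type": "AWS::Logs::LogGroup"}
  }
}
""")


def state_machines_without_logging(template):
    """Return {logical_id: reason} for state machines with no usable logging."""
    findings = {}
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::StepFunctions::StateMachine":
            continue
        logging_cfg = resource.get("Properties", {}).get("LoggingConfiguration")
        if not logging_cfg:
            findings[logical_id] = "no LoggingConfiguration"
        elif logging_cfg.get("Level", "OFF") == "OFF":  # unset is treated as OFF
            findings[logical_id] = "log level is OFF"
        elif not logging_cfg.get("Destinations"):
            findings[logical_id] = "no log destination"
    return findings


if __name__ == "__main__":
    for name, reason in state_machines_without_logging(SAMPLE_TEMPLATE).items():
        print(f"{name}: {reason}")
```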