Open ssofian opened 1 year ago
Amazon Detective is available in the security config. This is a link to the configuration documentation https://awslabs.github.io/landing-zone-accelerator-on-aws/classes/_aws_accelerator_config.DetectiveConfig.html It is not enabled by default in the best practice configurations because GuardDuty must be enabled for 48 hours prior to enabling Detective. https://docs.aws.amazon.com/detective/latest/adminguide/detective-enabling.html.
Have you configured the service and it's not working?
Oopss.. I meant Inspector.. Not Detective... The subject is Inspector, my bad :)
Following since I was looking for same enhancement
Please add this functionality to Landing Zone Accelerator on AWS. We now use Customizations for AWS Control Tower (CFCT) and aws-security-reference-architecture-examples to configure Inspector for new and existing accounts.
It would be nice if we can use a single solution to configure inspector for new and existing accounts.
Hi @crissupb ,
We'd also be after Inspector configuration - are you able to remove the response requested
flag?
This functionality would be helpful for our deployments. Would it be possible to get an update and the response requested flag removed?
Hi AWS LZA Team, Do you have an ETA for inspector support? Trying to deploy through SRA then bake in customizaion_config, its very challenging though!
Hi @bo1984 ,
Are you able to assist with the update of flags?
https://github.com/awslabs/landing-zone-accelerator-on-aws/issues/109#issuecomment-1953173856
Wanted to follow up and ask if there is an ETA on this? Using SRA customization is not straightforward and would be nice if the security-config or another config file would "natively" support the security lake management for the organization.
Is your feature request related to a problem? Please describe. A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
Describe the feature you'd like Support for enabling Amazon Inspectorv2 in security_config. Designating Audit account as Delegated Administrator and activating scans across all members accounts in AWS Organizations.
Additional context Add any other context or screenshots about the feature request here.