org-formation / aws-resource-providers

A community driven repository where you can find AWS Resource Type Providers for different purposes (including org-formation ones).
MIT License

Community::SecurityHub::Hub, Master & Members #27

Open OlafConijn opened 4 years ago

OlafConijn commented 4 years ago

Community::SecurityHub::Hub is a better AWS::SecurityHub::Hub

Loosely modeled after GuardDuty::Master and GuardDuty::Member.

SecurityHub supports inviting multiple accounts at once, therefore Members (plural). Master resource goes into the Member accounts. Member resource goes into the Master account. This doesn't make complete sense to me, but it is how GuardDuty works...

  SecurityHubMembers:
    Type: Community::SecurityHub::Members
    Properties:
      MemberAccountIDs: List<String>

Community::SecurityHub::Members calls apis:

  SecurityHubMaster:
    Type: Community::SecurityHub::Master
    Properties:
      MasterAccountId: String

Community::SecurityHub::Master calls apis:

  SecurityHub:
    Type: Community::SecurityHub::Hub
    Properties:
      AutoEnableControls: true | false # default true
      Standards: 
        EnablePCIDSS: true | false # default false
        EnableCISFoundations: true | false # default false
        EnableSecurityFoundations: true | false # default false

Community::SecurityHub::Hub calls apis:
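To make the Master/Members split concrete, here is an added sketch (not code from the aws-resource-providers repository or from the issue author) of the SecurityHub calls each of the three proposed resource types would make, written against an injected client so it runs offline. The handler names, the FakeSecurityHubClient, the account ids and the "Standards" to ARN mapping are assumptions; the boto3 method names (enable_security_hub, batch_enable_standards, update_security_hub_configuration, create_members, invite_members, list_invitations, accept_invitation) are the real SecurityHub client calls. The one check a practitioner would want is in master_create: the member account only accepts an invitation whose sender matches the MasterAccountId in the template, never an arbitrary pending invitation.

```python
"""Added example: what the Hub, Members and Master resource types would call.
Not the project's code; handler names, the fake client and the ids are assumed."""

# Standards ARNs as published by AWS Security Hub; the region goes where AWS puts it.
# Keys mirror the Standards block of the proposed Community::SecurityHub::Hub schema.
STANDARD_ARNS = {
    "EnableCISFoundations": "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0",
    "EnablePCIDSS": "arn:aws:securityhub:{region}::standards/pci-dss/v/3.2.1",
    "EnableSecurityFoundations": "arn:aws:securityhub:{region}::standards/aws-foundational-security-best-practices/v/1.0.0",
}


def hub_create(client, region, auto_enable_controls=True, standards=None):
    """Community::SecurityHub::Hub create handler (runs in every account).

    Enables Security Hub with the AWS default standards switched off, then
    enables exactly the standards the template asked for, so the resulting
    state is fully declared in the template. Returns the ARNs it enabled.
    """
    standards = standards or {}
    client.enable_security_hub(EnableDefaultStandards=False)
    wanted = [STANDARD_ARNS[key].format(region=region) for key, on in standards.items() if on]
    if wanted:
        client.batch_enable_standards(
            StandardsSubscriptionRequests=[{"StandardsArn": arn} for arn in wanted]
        )
    # AutoEnableControls is a hub-level setting, set through the configuration call.
    client.update_security_hub_configuration(AutoEnableControls=auto_enable_controls)
    return wanted


def members_create(client, member_account_ids, emails=None):
    """Community::SecurityHub::Members create handler (runs in the master account).

    Registers all accounts as members and sends their invitations in one batch,
    which is why the resource takes a list (MemberAccountIDs) rather than one id.
    """
    emails = emails or {}
    details = [
        {"AccountId": acct, **({"Email": emails[acct]} if acct in emails else {})}
        for acct in member_account_ids
    ]
    client.create_members(AccountDetails=details)
    client.invite_members(AccountIds=list(member_account_ids))
    return list(member_account_ids)


def master_create(client, master_account_id):
    """Community::SecurityHub::Master create handler (runs in each member account).

    Accepts only the pending invitation sent by the declared master account.
    Accepting whatever invitation happens to be pending would let any account
    that can send an invitation become this account's Security Hub master.
    """
    for inv in client.list_invitations().get("Invitations", []):
        if inv["AccountId"] == master_account_id:
            client.accept_invitation(MasterId=master_account_id, InvitationId=inv["InvitationId"])
            return inv["InvitationId"]
    raise RuntimeError(f"no Security Hub invitation from {master_account_id}")


class FakeSecurityHubClient:
    """Constructed stand-in for boto3's securityhub client: records every call
    and serves a canned list_invitations response so the handlers run offline."""

    def __init__(self, invitations=()):
        self.calls = []
        self._invitations = list(invitations)

    def __getattr__(self, name):
        def method(**kwargs):
            self.calls.append((name, kwargs))
            if name == "list_invitations":
                return {"Invitations": self._invitations}
            return {}
        return method


if __name__ == "__main__":
    hub = FakeSecurityHubClient()
    print(hub_create(hub, "eu-west-1", True, {"EnableCISFoundations": True, "EnablePCIDSS": False}))
    master = FakeSecurityHubClient()
    print(members_create(master, ["222222222222", "333333333333"], {"222222222222": "sec@example.com"}))
    member = FakeSecurityHubClient(invitations=[{"AccountId": "111111111111", "InvitationId": "inv-1"}])
    print(master_create(member, "111111111111"))
```

Swap FakeSecurityHubClient for `boto3.client("securityhub")` in the account the handler runs in and the same three functions make the real calls; the fake exists only so the control flow can be exercised without credentials.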