AWS Security Hub

[tomwwright]

Security account should be enabled and configured as a master account for all Organization accounts

https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-accounts.html

From my research, it doesn't seem that Security Hub has any native Organization integrations via IAM, so just need to create invites and accept them for all accounts.

Onboarding of new accounts should be automated

[tomwwright]

Organizations integration to be included https://aws.amazon.com/about-aws/whats-new/2020/11/aws-security-hub-integrates-with-aws-organizations-for-simplified-security-posture-management/