Community Note
Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment
Is your feature request related to a problem? Please describe
I would like to deploy consolidated control findings in Security Hub, but the role definition and Lambda in the SRA solution don't yet support it.
Describe the solution you'd like
I'd like the sra-securityhub-configuration role to include permissions for the batch security control APIs and the deployment Lambda to explicitly specify consolidation when enabling Security Hub, to make the behavior of Security Hub deployments use this feature. This is the new default behavior, but my account was using Security Hub before that was changed. Please see https://github.com/oshaughnessy/aws-security-reference-architecture-examples/pull/1/files for example code.
Describe alternatives you've considered
The alternative would be to leave consolidated control findings off.
Additional context
See the AWS blog post, Prepare for consolidated controls view and consolidated control findings in AWS Security Hub
See the description of securityhub.client.enable_security_hub():
This field, used when enabling Security Hub, specifies whether the calling account has consolidated control findings turned on. If the value for this field is set to SECURITY_CONTROL, Security Hub generates a single finding for a control check even when the check applies to multiple enabled standards.
If the value for this field is set to STANDARD_CONTROL, Security Hub generates separate findings for a control check when the check applies to multiple enabled standards.
The value for this field in a member account matches the value in the administrator account. For accounts that aren’t part of an organization, the default value of this field is SECURITY_CONTROL if you enabled Security Hub on or after February 23, 2023.
My fork includes changes to the role definition and Lambda so that consolidated findings are used when deploying the Security Hub Organization solution.
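One way a deployment function could enforce the setting this issue asks for, including the case of an account that enabled Security Hub before the default changed. This is an added example, not code from the issue author's fork or the SRA repository; it takes a boto3 Security Hub client, and the function name, the `EnableDefaultStandards=False` default, and the choice of which error codes mean "not enabled" are assumptions.

```python
CONSOLIDATED = "SECURITY_CONTROL"  # one finding per control check
PER_STANDARD = "STANDARD_CONTROL"  # one finding per check per enabled standard


def _error_code(exc):
    # botocore.exceptions.ClientError exposes the service error code here.
    return getattr(exc, "response", {}).get("Error", {}).get("Code", "")


def ensure_consolidated_findings(client, desired=CONSOLIDATED,
                                 enable_default_standards=False):
    """Make the hub's ControlFindingGenerator equal `desired`.

    `client` is a Security Hub client, e.g. boto3.client("securityhub").
    Returns the action taken: "enabled", "updated" or "unchanged".
    Run it against the administrator account, since member accounts
    take the administrator's value.
    """
    try:
        hub = client.describe_hub()
    except Exception as exc:
        # Assumption: these two documented DescribeHub error codes are
        # treated as "Security Hub is not enabled in this account".
        if _error_code(exc) not in ("InvalidAccessException",
                                    "ResourceNotFoundException"):
            raise
        # New hub: state the generator explicitly instead of relying on
        # the account's default.
        client.enable_security_hub(
            EnableDefaultStandards=enable_default_standards,  # assumption
            ControlFindingGenerator=desired,
        )
        return "enabled"

    if hub.get("ControlFindingGenerator") == desired:
        return "unchanged"
    # Existing hub on the other setting, e.g. one enabled before the
    # default became SECURITY_CONTROL: switch it in place.
    client.update_security_hub_configuration(ControlFindingGenerator=desired)
    return "updated"
```
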