The first section of the code enables SecurityHub automatically for all new accounts in the Organization. This lets us keep our environment fully compliant and centralize all findings in the security account. The second resource enables the CIS benchmark. This is very useful since it’ll give you a lot of checks that you can use to gauge how compliant the resources in your accounts are. The first time you enable it, you need to add existing accounts in this way. For new accounts, you are covered by the auto_enable flag.
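A sketch of the resources the paragraph above describes, added here as an example and not the article's own code. It assumes the AWS provider is authenticated to the security account, that this account is already the delegated SecurityHub administrator, and that CIS v1.2.0 is the benchmark version wanted; the account IDs and e-mail addresses are constructed placeholders.

```hcl
# Added example, not the article's code. Assumes the default AWS provider is
# authenticated to the security account and that this account is already the
# delegated SecurityHub administrator for the Organization.

variable "existing_member_accounts" {
  description = "Accounts created before auto_enable was set (constructed sample values)"
  type        = map(string) # account ID => account e-mail
  default = {
    "111111111111" = "workload-a@example.com"
    "222222222222" = "workload-b@example.com"
  }
}

# SecurityHub has to be enabled in the security account itself first.
resource "aws_securityhub_account" "security" {}

# Accounts that join the Organization later are enrolled automatically.
resource "aws_securityhub_organization_configuration" "org" {
  auto_enable = true
  depends_on  = [aws_securityhub_account.security]
}

# CIS AWS Foundations Benchmark checks (version is an assumption).
resource "aws_securityhub_standards_subscription" "cis" {
  standards_arn = "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0"
  depends_on    = [aws_securityhub_account.security]
}

# Accounts that predate auto_enable are not picked up by the flag,
# so each one is added explicitly as a member.
resource "aws_securityhub_member" "existing" {
  for_each   = var.existing_member_accounts
  account_id = each.key
  email      = each.value
  depends_on = [aws_securityhub_organization_configuration.org]
}
```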
I’m going to show you how to create a SecurityHub multi-account setup using Terraform.
If you are using AWS Organizations, you have something similar to the setup below. For configuring SecurityHub at the Organization level, you need to add
to service access principals. In this way, you’re telling Organizations that you want to use ...
Copyright of this story solely belongs to hackernoon.com.