
The CloudFormation documentation for Security Hub is very limited. I wonder if it is possible to do the following in CloudFormation:

  1. Enable Security Hub in specified accounts or all accounts for an organization. There’s a sample script to automate enabling Security Hub for multiple accounts, but no CloudFormation implementation can be found: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-enable.html#securityhub-enable-multiaccount-script
  2. Enable finding aggregation. It seems you can enable finding aggregation using the console, CLI or API: https://docs.aws.amazon.com/securityhub/latest/userguide/finding-aggregation-enable.html
  3. Specify Delegated Administrator by account ID

1 Answer


Yes, you can do all these things through a custom resource in CloudFormation in the form of a lambda function.

Marcin
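A sketch of the Lambda-backed custom resource the answer describes, added here as an example and not code from the answer or from AWS. The property names `AdminAccountId` and `AggregateFindings`, the function name `apply_setup` and the physical ID are hypothetical; the Security Hub calls are the boto3 client methods for the three steps in the question.

```python
import json
import urllib.request

def apply_setup(event, hub):
    """Run the requested Security Hub steps; return the CloudFormation response body."""
    props = event.get("ResourceProperties", {})
    status, reason = "SUCCESS", ""
    try:
        if event["RequestType"] == "Create":  # Update/Delete are no-ops in this sketch
            try:
                hub.enable_security_hub()
            except hub.exceptions.ResourceConflictException:
                pass  # this account is already subscribed to Security Hub
            if props.get("AdminAccountId"):  # hypothetical property name
                # Delegation has to be requested from the organization management account.
                hub.enable_organization_admin_account(
                    AdminAccountId=props["AdminAccountId"])
            # CloudFormation passes property values to the function as strings.
            if str(props.get("AggregateFindings", "")).lower() == "true":
                # Deploy in the region that should become the aggregation region.
                hub.create_finding_aggregator(RegionLinkingMode="ALL_REGIONS")
    except Exception as exc:  # always answer, or the stack waits until it times out
        status, reason = "FAILED", str(exc)
    return {
        "Status": status,
        "Reason": reason,
        "PhysicalResourceId": event.get("PhysicalResourceId", "securityhub-setup"),
        "StackId": event["StackId"],
        "RequestId": event["RequestId"],
        "LogicalResourceId": event["LogicalResourceId"],
    }

def lambda_handler(event, context):
    import boto3  # provided by the Lambda Python runtime
    body = json.dumps(apply_setup(event, boto3.client("securityhub"))).encode()
    # CloudFormation blocks until it receives a PUT on the pre-signed ResponseURL.
    req = urllib.request.Request(event["ResponseURL"], data=body, method="PUT",
                                 headers={"Content-Type": ""})
    urllib.request.urlopen(req)
```

The function's execution role needs `securityhub:EnableSecurityHub`, `securityhub:EnableOrganizationAdminAccount` and `securityhub:CreateFindingAggregator` only for the steps that stack actually requests.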