Posted On: Jun 23, 2023
Today, AWS announces expanded AWS CloudFormation support for AWS Security Hub, which allows you to use CloudFormation to deploy Security Hub and manage its standards and controls. Using the updated AWS::SecurityHub::Hub resource, you can now enable Security Hub, decide if it should be provisioned with default standards (the AWS Foundational Security Best Practices and CIS Foundations Benchmark version 1.2), and opt into its Consolidated Control Findings capability. You can also use the new AWS::SecurityHub::Standard resource to enable specific security standards such as NIST 800-53 or PCI DSS and manage individual controls in them. This expanded integration is available in all AWS Regions where Security Hub and CloudFormation are available.
You can also use AWS CloudFormation StackSets to manage Security Hub across accounts and Regions in a single action. You can designate your entire Organization or a specific Organizational Unit (OU) as the action’s target, which gives new accounts your desired configuration.
You can try Security Hub at no cost for 30 days on the AWS Free Tier with a single action in the AWS Management Console, or after provisioning it via CloudFormation. To learn more about Security Hub capabilities, consult the Security Hub documentation, and to receive notifications about new Security Hub features and controls, subscribe to the Security Hub SNS topic in your preferred Region.