Automated Security Response on AWS


This AWS Solution is an add-on that works with AWS Security Hub and provides predefined response and remediation actions based on industry compliance standards and best practices for security threats. It helps Security Hub customers to resolve common security findings and to improve their security posture in AWS.

This AWS Solution creates playbooks for customers to individually choose what they want to deploy in their Security Hub admin account. Each playbook contains the necessary actions to start the remediation workflow within the admin account or any member account.


AWS Security Hub integration

Initiate remediations and findings using custom actions in the Security Hub console.

Remediation playbooks

Foundations benchmarks or AWS Foundational Security Best Practices.

Automatic remediations

Deploy a predefined set of response and remediation actions to respond to threats automatically.

Extensible and Customizable

Extend this AWS Solution with custom remediation and playbook implementations. To support an entirely new set of controls that is not implemented by this AWS Solution, deploy a custom playbook.

Technical details

Security Hub findings aggregated in the delegated administrator account initiate AWS Step Functions. Step Functions invokes a remediation SSM automation document in the member account containing the resource that produced the Security Hub finding.

About this deployment
Est. deployment time
15 mins
Estimated cost
Download implementation guide  Source code  CloudFormation template  Subscribe to RSS feed 
Deployment options
Ready to get started?
Deploy this solution by launching it in your AWS Console

Need help? Deploy with a partner.
Find an AWS Certified third-party expert to assist with this deployment
Did this AWS Solution help you?
Provide feedback
Case Study
AvalonBay Communities Inc. Logo

AvalonBay Communities Inc. migrated to a serverless architecture on AWS, accelerating development by 75 percent while reducing costs by 40 percent and maintaining strong security.  

Read the full case study 
Getting Started with AWS Security, Identity, and Compliance

This course provides an overview of AWS security technology, use cases, benefits, and services. 

Enroll now 
AWS Certified Security - Specialty

This exam tests your technical expertise in securing the AWS platform. This is for anyone in an experienced security role.

Schedule your exam