Automated Security Response on AWS


This AWS Solution is an add-on that works with AWS Security Hub and provides predefined response and remediation actions based on industry compliance standards and best practices for security threats. It helps AWS Security Hub customers to resolve common security findings and to improve their security posture in AWS.

The solution creates a Service Catalog Portfolio of predefined security response and remediation actions, or playbooks. Customers choose the individual playbooks they want to deploy in their Security Hub primary account from the AWS Service Catalog Portfolio. Each playbook contains the necessary custom actions, IAM roles, and Amazon CloudWatch events in addition to any Systems Manager Automation documents, AWS Lambda functions, or AWS Step Functions needed to start the remediation workflow within a single AWS account, or across multiple accounts.


AWS Security Hub integration

Initiate remediations and findings using custom actions in the Security Hub console.

One-click cross-account remediation

Easily deploy the Solution across primary and member accounts.

Remediation playbooks

Access remediation playbooks supporting the Center for Internet Security (CIS) AWS Foundations benchmarks v1.2.0, AWS Foundational Security Best Practices (AFSBP) v1.0.0, and Payment Card Industry Data Security Standard (PCI-DSS) v3.2.1.

Automatic remediations

Deploy a predefined set of response and remediation actions to respond to threats automatically.

Technical details

The diagram below presents the serverless architecture that you can build using the Solution's implementation guide and accompanying AWS CloudFormation template.

AWS Security Hub Automated Response and Remediation contains the following main workflows: detectingestremediate, and log.

About this deployment
Est. deployment time
15 mins
Estimated cost
Download implementation guide  Source code  CloudFormation template  Subscribe to RSS feed 
Deployment options
Ready to get started?
Deploy this solution by launching it in your AWS Console
Did this AWS Solution help you?
Provide feedback

Getting Started with AWS Security, Identity, and Compliance

This course provides an overview of AWS security technology, use cases, benefits, and services.

Enroll now »

AWS Certified Security - Specialty

This exam tests your technical expertise in securing the AWS platform. This is for anyone in an experienced security role.

Schedule your exam »