Automated Security Response on AWS


This AWS Solution is an add-on that works with AWS Security Hub and provides predefined response and remediation actions based on industry compliance standards and best practices for security threats. It helps AWS Security Hub customers to resolve common security findings and to improve their security posture in AWS.

The solution creates playbooks for customers to individually choose what they want to deploy in their Security Hub primary account. Each playbook contains the necessary custom actions, IAM roles, and Amazon EventBridge events in addition to any Systems Manager Automation documents, AWS Lambda functions, or AWS Step Functions needed to start the remediation workflow within a single AWS account, or across multiple accounts.


AWS Security Hub integration

Initiate remediations and findings using custom actions in the Security Hub console.

One-click cross-account remediation

Easily deploy the Solution across primary and member accounts.

Remediation playbooks

Access remediation playbooks supporting standards such as the Center for Internet Security (CIS) AWS Foundations benchmarks v1.4.0 or AWS Foundational Security Best Practices (AFSBP) v1.0.0.

Automatic remediations

Deploy a predefined set of response and remediation actions to respond to threats automatically.

Extensible and Customizable

Extend the solution with custom remediation and Playbook implementations by deploying customized AWS Systems Manager automation documents and AWS IAM Roles. To support an entire new set of controls that is not implemented by the solution, deploy a custom Playbook.

Technical details

The diagram below presents the serverless architecture that you can build using the Solution's implementation guide and accompanying AWS CloudFormation template.

Automated Security Response on AWS contains the following main workflows: detect, ingest, remediate, and log.

About this deployment
Est. deployment time
15 mins
Estimated cost
Download implementation guide  Source code  CloudFormation template  Subscribe to RSS feed 
Deployment options
Ready to get started?
Deploy this solution by launching it in your AWS Console

Need help? Deploy with a partner.
Find an AWS Certified third-party expert to assist with this deployment
Did this AWS Solution help you?
Provide feedback

Getting Started with AWS Security, Identity, and Compliance

This course provides an overview of AWS security technology, use cases, benefits, and services.

Enroll now »

AWS Certified Security - Specialty

This exam tests your technical expertise in securing the AWS platform. This is for anyone in an experienced security role.

Schedule your exam »