Note:
Security Hub now supports central configuration for security standards and controls across accounts. Security Hub's central configuration feature addresses many of the scenarios that are covered by the scripts in this repository, reducing or eliminating the need to run these scripts. Please refer to the Security Hub central configuration documentation before using these scripts.
This repository contains scripts and guidance for enabling and configuring Security Hub and Security Hub features across multiple accounts.
The three scenarios addressed by this repository are:
- Multi-account enablement scripts - scripts focused on enabling or disabling Security Hub across many accounts. Applicable for accounts that are not managed by a delegated administrator account.
- Multi-account CIS 1.4 enable scripts - scripts focused on enabling the Center for Internet Security AWS Foundational Best Practices v1.4 security standard across many accounts.
- Multi-account NIST 800-53 enable scripts - scripts focused on enabling or disabling the NIST 800-53 security standard across many accounts.
- Multi-region automation rules deployment - scripts focused on deploying automation rules across multiple regions in an account.