How To Manage AWS Security Hub in AWS Organizations Using Terraform
About the use case

AWS Security Hub is a security service that helps you manage security posture by collecting security data from AWS and third-party sources, and enabling analysis and remediation of security issues that are found. Late last year, AWS introduced new central configuration capabilities in AWS Security Hub in the form of Security Hub configuration policies (SHCPs). With SHCPs, we can customize many aspects of the Security Hub configuration, which can then be applied consistently to all members of the organization. This addresses many challenges with managing Security Hub across an organization, which I experienced firsthand last year. It was practically futile to build Security Hub enablement into AWS Control Tower Account Factory for Terraform (AFT)! As this is the new best practice, we'll be using this feature. Since it is increasingly common to establish an AWS landing zone using AWS Control Tower, we will use the standard account s...