Enable Security Hub
Overview
AWS provides a graphical console for working with Security Hub. In this step, we will enable Security Hub through that console.
Enable Security Hub through Console
To enable Security Hub in a Region, follow these steps:
- Log in to the Amazon Management Console. In the search bar, search for the Security Hub CSPM service.

- On the AWS Security Hub CSPM page, select Go to Security Hub CSPM.

- On the Welcome to AWS Security Hub page, select the Security standards such as AWS Foundational Security Best Practices, CIS AWS Foundations Benchmark, and PCI DSS.

- Select Enable Security Hub CSPM.

- After enabling it, wait for Security Hub to evaluate the Security Score of your current account against each security standard you configured. This takes some time.

- Select the Control section to view the Security Score.

In some cases, you will see notifications about the AWS Config configuration. If so, enable the AWS Config service in the corresponding Region, because most evaluation criteria are based on AWS Config service-level rules. When enabling AWS Config recording, select the option to record all resources in the corresponding Region and global resources.
- On the console page, search for and select the AWS Config service.

- Select Get started.

- In the Override settings section, select All globally recorded IAM resource type and Exclude from recording.

- In the Data governance section, select Create AWS Config service-linked role.

- In the Delivery channel section, select Create a bucket, keep the default bucket name, then select Next.

- Continue to select Next.

- Select Confirm.

- Complete the AWS Config setup.
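
Because the Security Score depends on what AWS Config records, it is worth confirming the recorder state once the setup above is finished. The following is an added example, not part of the original workshop: it inspects JSON in the shape printed by `aws configservice describe-configuration-recorders` and `aws configservice describe-configuration-recorder-status`. The sample JSON is constructed, and `config_gaps` is a hypothetical helper name.

```python
import json

# Constructed sample shaped like `aws configservice describe-configuration-recorders`
# output for a recorder that excludes the global IAM types (not from a real account).
SAMPLE_RECORDERS = json.loads("""
{"ConfigurationRecorders": [{
  "name": "default",
  "recordingGroup": {
    "allSupported": false,
    "includeGlobalResourceTypes": false,
    "resourceTypes": [],
    "exclusionByResourceTypes": {"resourceTypes":
      ["AWS::IAM::User", "AWS::IAM::Role", "AWS::IAM::Group", "AWS::IAM::Policy"]},
    "recordingStrategy": {"useOnly": "EXCLUSION_BY_RESOURCE_TYPES"}}}]}
""")
# Constructed sample shaped like `aws configservice describe-configuration-recorder-status`.
SAMPLE_STATUS = json.loads("""
{"ConfigurationRecordersStatus": [{"name": "default", "recording": true, "lastStatus": "SUCCESS"}]}
""")


def config_gaps(recorders, status):
    """List recorder conditions that leave Security Hub controls without Config data."""
    recs = recorders.get("ConfigurationRecorders", [])
    if not recs:
        return ["no configuration recorder exists in this Region"]
    by_name = {s["name"]: s for s in status.get("ConfigurationRecordersStatus", [])}
    findings = []
    for rec in recs:
        name, st = rec["name"], by_name.get(rec["name"], {})
        if not st.get("recording"):
            findings.append(f"{name}: recorder is stopped")
        elif str(st.get("lastStatus", "")).upper() == "FAILURE":
            findings.append(f"{name}: last recording status was FAILURE")
        group = rec.get("recordingGroup", {})
        strategy = group.get("recordingStrategy", {}).get("useOnly")
        if strategy == "EXCLUSION_BY_RESOURCE_TYPES":
            excluded = group.get("exclusionByResourceTypes", {}).get("resourceTypes", [])
            findings.append(f"{name}: not recorded here: {', '.join(sorted(excluded))}")
        elif strategy == "INCLUSION_BY_RESOURCE_TYPES" or not group.get("allSupported"):
            findings.append(f"{name}: records only a chosen subset of resource types")
        elif not group.get("includeGlobalResourceTypes"):
            findings.append(f"{name}: global resource types are not recorded")
    return findings


if __name__ == "__main__":
    for line in config_gaps(SAMPLE_RECORDERS, SAMPLE_STATUS) or ["recorder covers all resources"]:
        print(line)
```

An empty list means the recorder is running and covers all supported and global resource types; any excluded types it reports need to be recorded in at least one other Region for the related controls to be evaluated.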
