Security Findings Central Account

I have read through these 2 guides on the website

I am wondering where should be the Security Hub and GuardDuty master account locate? under security or logs account?

Hello jacklau,

AWS recommends setting up the security account as the SecurityHub and GuardDuty masters (in their landing zone docs). The main reason for this is that the logs account is intended to be for audit reasons and not something you regularly check, while GuardDuty and SecurityHub findings are things that you want to look at regularly to ensure compliance.

Hope this helps clarify things!

Best regards,

Hi Yori,

Thanks for the explanation. So the security account mention in gruntwork’s landing zone architecture is not only managing user authentication and authorization, it also serves as security tool master account and all other accounts including root would be the member account.

I hope my understanding is correct.