Security Findings Central Account

jacklau · August 4, 2020, 7:01am

I have read through these 2 guides on the website
https://gruntwork.io/guides/foundations/how-to-configure-production-grade-aws-account-structure/
https://gruntwork.io/guides/compliance/how-to-achieve-cis-benchmark-compliance/

I am wondering where should be the Security Hub and GuardDuty master account locate? under security or logs account?

yoriy · August 4, 2020, 1:40pm

Hello jacklau,

AWS recommends setting up the security account as the SecurityHub and GuardDuty masters (in their landing zone docs). The main reason for this is that the logs account is intended to be for audit reasons and not something you regularly check, while GuardDuty and SecurityHub findings are things that you want to look at regularly to ensure compliance.

Hope this helps clarify things!

Best regards,
Yori

jacklau · August 5, 2020, 1:41am

Hi Yori,

Thanks for the explanation. So the security account mention in gruntwork’s landing zone architecture is not only managing user authentication and authorization, it also serves as security tool master account and all other accounts including root would be the member account.

I hope my understanding is correct.

Topic		Replies	Views
Why not use organization trail for multiple accounts but create a central CloudTrail for security account Gruntwork Customers	3	773	March 16, 2020
AWS (Multi-account setup): Access remote states from another account Gruntwork Customers	4	1408	January 11, 2018
Third Party Developer Access Gruntwork Customers	1	599	January 23, 2018
Problems switching between AWS accounts and using IAM roles Gruntwork Customers iam , multi-account	1	747	December 21, 2017
Would be helpful to have a gruntsam example with custom authorization Gruntwork Customers guidance , gruntsam , lambda	1	765	May 31, 2018

Security Findings Central Account

Related topics