Security Findings Central Account

I have read through these 2 guides on the website:
https://gruntwork.io/guides/foundations/how-to-configure-production-grade-aws-account-structure/
https://gruntwork.io/guides/compliance/how-to-achieve-cis-benchmark-compliance/

I am wondering where the Security Hub and GuardDuty master account should be located: under the security or the logs account?

Hello jacklau,

AWS recommends setting up the security account as the SecurityHub and GuardDuty masters (in their landing zone docs). The main reason for this is that the logs account is intended to be for audit reasons and not something you regularly check, while GuardDuty and SecurityHub findings are things that you want to look at regularly to ensure compliance.

Hope this helps clarify things!

Best regards,
Yori

Hi Yori,

Thanks for the explanation. So the security account mentioned in Gruntwork's landing zone architecture not only manages user authentication and authorization, it also serves as the security tool master account, and all other accounts, including root, would be member accounts.

I hope my understanding is correct.