
Security Hub overview in AWS - Mini Project: Build & Apply

Security Hub overview
📖 Scenario: You are working as a cloud security analyst. Your manager wants you to set up AWS Security Hub to get a centralized view of security alerts and compliance status across multiple AWS accounts. This will help your team quickly identify and respond to security issues.
🎯 Goal: Set up a basic AWS Security Hub configuration using Infrastructure as Code (IaC) to enable Security Hub in a single AWS account. You will create the initial resource, configure a setting, and finalize the Security Hub setup.
📋 What You'll Learn
Create a resource block to enable AWS Security Hub
Add a configuration variable to specify the region
Use the main configuration block to enable Security Hub with default standards
Complete the configuration with the required final attribute to activate Security Hub
💡 Why This Matters
🌍 Real World
Security Hub helps organizations monitor and improve their cloud security posture by aggregating security alerts and compliance checks in one place.
💼 Career
Cloud security engineers and architects use Security Hub to maintain compliance and quickly respond to security threats across AWS environments.
1
Create Security Hub resource block
Create a Terraform resource block called aws_securityhub_account to enable Security Hub in your AWS account.

This resource enables Security Hub in your AWS account.

2
Add region variable
Add a Terraform variable called region with default value us-east-1 to specify the AWS region for Security Hub.

Variables help you configure your infrastructure flexibly.

3
Enable Security Hub with default standards
Inside the aws_securityhub_account resource block, add the depends_on attribute with an empty list and enable the default standards by adding the standards_subscription block with standards_arn set to arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0.

This enables the CIS AWS Foundations Benchmark standard in Security Hub.

4
Finalize Security Hub activation
Add the enable_default_standards attribute set to true inside the aws_securityhub_account resource block to activate Security Hub with default standards.

This final step activates Security Hub with the default security standards.
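
The four steps above assembled into one Terraform configuration, as an added example that is not part of the original exercise. It assumes the HashiCorp AWS provider, where the standards subscription is the separate `aws_securityhub_standards_subscription` resource rather than a block nested in `aws_securityhub_account`, so `depends_on` sits on the subscription and points at the account. The resource labels `this` and `cis` are illustrative names.

```hcl
# Added example: assumes the hashicorp/aws provider; labels "this" and "cis" are illustrative.
terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
    }
  }
}

# Step 2: region variable. Security Hub is enabled per region, so this
# value decides where findings are collected.
variable "region" {
  description = "AWS region in which Security Hub is enabled"
  type        = string
  default     = "us-east-1"
}

provider "aws" {
  region = var.region
}

# Steps 1 and 4: enable Security Hub for the account and turn on the
# standards that Security Hub enables by default.
resource "aws_securityhub_account" "this" {
  enable_default_standards = true
}

# Step 3: subscribe to the CIS AWS Foundations Benchmark v1.2.0.
# In the AWS provider this is its own resource; it must be created only
# after Security Hub is enabled, hence the explicit dependency.
resource "aws_securityhub_standards_subscription" "cis" {
  standards_arn = "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0"

  depends_on = [aws_securityhub_account.this]
}
```

Run `terraform plan` before applying and confirm the plan creates only the account enablement and the standards subscription in the intended region.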