Architecture details

This section describes the components and AWS services that make up this solution and the architecture details on how these components work together.

AWS services in this solution

The solution uses the following services. Core services are required to use the solution, and supporting services connect the core services.

AWS service	Description
Amazon EventBridge	Core. Deploys events that will initiate the orchestator step function when a finding is being remediated.
AWS IAM	Core. Deploys many roles to allow remediations on different resources.
AWS Lambda	Core. Deploys multiple lambda functions that will be used by the step function orchestator to remediate issues.
AWS Security Hub	Core. Provides customers with a comprehensive view of their AWS security state.
AWS Step Functions	Core. Deploys an orchestrator that will invoke the remediation documents with AWS Systems Manager API calls.
AWS Systems Manager	Core. Deploys System Manager Documents (link to doc) that contain the remediation logic that will be ran.
Amazon CloudWatch	Supporting. Deploys log groups that the different playbooks will use to log results. Collects metrics to display on a custom dashboard with alarms.
AWS DynamoDB	Supporting. Stores the last run remediation in each account and Region to optimize scheduling of remediations.
Service Catalog AppRegistry	Supporting. Deploys application for deployed stacks to track cost and usage.
Amazon Simple Notification Service	Supporting. Deploys SNS topics that receive a notification once a remediation has been completed.
AWS SQS	Supporting. Assists with the scheduling of remediations in order for the solution to run many remediations in parallel.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

AWS Well-Architected design considerations

AWS Security Hub integration