AWS Config resources required for PCI DSS controls - AWS Security Hub

For AWS Security Hub to accurately report findings for all of the PCI DSS controls, you must enable the following resources in AWS Config.

  • Amazon ES domain

  • Auto Scaling group

  • CloudTrail trail

  • CodeBuild project

  • Amazon EC2 Elastic IP address

  • Amazon EC2 security group

  • Amazon EC2 volume

  • IAM user

  • AWS KMS key

  • IAM policy

  • Lambda function

  • Amazon RDS DB instance

  • Amazon RDS snapshot

  • Amazon Redshift cluster

  • S3 bucket

  • Systems Manager patch compliance
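
One way to check a configuration recorder against this list, as an added example that is not part of the AWS documentation. The mapping from the listed names to AWS Config resource type identifiers is an assumption made here, and the recorder JSON is a constructed sample, not real account output.

```python
import json

# Assumed mapping: listed resource name -> AWS Config resource type identifier.
REQUIRED = {
    "Amazon ES domain": "AWS::Elasticsearch::Domain",
    "Auto Scaling group": "AWS::AutoScaling::AutoScalingGroup",
    "CloudTrail trail": "AWS::CloudTrail::Trail",
    "CodeBuild project": "AWS::CodeBuild::Project",
    "Amazon EC2 Elastic IP address": "AWS::EC2::EIP",
    "Amazon EC2 security group": "AWS::EC2::SecurityGroup",
    "Amazon EC2 volume": "AWS::EC2::Volume",
    "IAM user": "AWS::IAM::User",
    "AWS KMS key": "AWS::KMS::Key",
    "IAM policy": "AWS::IAM::Policy",
    "Lambda function": "AWS::Lambda::Function",
    "Amazon RDS DB instance": "AWS::RDS::DBInstance",
    "Amazon RDS snapshot": "AWS::RDS::DBSnapshot",
    "Amazon Redshift cluster": "AWS::Redshift::Cluster",
    "S3 bucket": "AWS::S3::Bucket",
    "Systems Manager patch compliance": "AWS::SSM::PatchCompliance",
}
# IAM types are global resources; allSupported alone does not include them.
GLOBAL_TYPES = {"AWS::IAM::User", "AWS::IAM::Policy"}

def missing_resources(recorder):
    """Return the listed resource names this configuration recorder does not record."""
    group = recorder.get("recordingGroup", {})
    if group.get("allSupported"):
        recorded = set(REQUIRED.values())
        if not group.get("includeGlobalResourceTypes"):
            recorded -= GLOBAL_TYPES
    else:
        recorded = set(group.get("resourceTypes", []))
    return sorted(n for n, t in REQUIRED.items() if t not in recorded)

def audit(doc):
    """Map each recorder name to the required resources it is missing."""
    return {r["name"]: missing_resources(r) for r in doc["ConfigurationRecorders"]}

# Constructed sample, shaped like `aws configservice describe-configuration-recorders` output.
SAMPLE = json.loads("""{"ConfigurationRecorders": [
  {"name": "all-no-global", "recordingGroup":
    {"allSupported": true, "includeGlobalResourceTypes": false, "resourceTypes": []}},
  {"name": "explicit-list", "recordingGroup":
    {"allSupported": false, "includeGlobalResourceTypes": false,
     "resourceTypes": ["AWS::S3::Bucket", "AWS::EC2::SecurityGroup", "AWS::IAM::User"]}}]}""")

if __name__ == "__main__":
    for name, missing in audit(SAMPLE).items():
        print(f"{name}: {'OK' if not missing else 'missing ' + ', '.join(missing)}")
```

A recorder that reports nothing missing here still has to be running in each Region where Security Hub evaluates the PCI DSS controls.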