Attaching the delegation policy statement for Security Hub
From the organization management account, you must copy the delegation policy statement for Security Hub and attach it to your delegated administrator for AWS Organizations policy, so the delegated administrator for Security Hub can perform actions in Security Hub. Without this policy statement, the delegated administrator cannot configure Security Hub for your organization. You can copy this policy from the General page in the Security Hub console. When you do this, you're directed to the Settings page in AWS Organizations console where you can edit your delegated administrator for AWS Organizations policy. This topic describes how to copy the policy in Security Hub. For information about how to update the delegated administrator for AWS Organizations policy, see Update a resource-based delegation policy with AWS Organizations in the AWS Organizations User Guide.
To attach the delegation policy statement for Security Hub
-
Sign in to your AWS account with your organization management account credentials, and open the Security Hub console at https://console.aws.amazon.com/securityhub/v2/home
. -
From the navigation pane, choose General.
-
In Delegation policy statement for Security Hub, choose Copy and attach. You're directed to the Settings page in AWS Organizations where you can edit your delegated administrator for AWS Organizations policy to include the delegation policy statement. If you want to view the policy statement before you copy it, choose Policy details.
Note
If you set a delegated administrator, the delegated administrator can create and apply a policy that allows it to enable and disable memeber accounts. The procedure in the following topic describes how to set this policy.
