AWS Config resources required for AWS Foundational Security Best Practices controls - AWS Security Hub

For AWS Security Hub to accurately report findings for all of the AWS Foundational Security Best Practices controls, you must enable recording of the following resources in AWS Config.

Note: In Regions where a control is not available, the corresponding resource is not available in AWS Config.

  • ACM Certificate

  • Amazon EBS volume

  • Application Load Balancer

  • Amazon EFS file system

  • CloudFront distribution

  • CloudTrail trail

  • CodeBuild project

  • Amazon EC2 instance

  • Amazon EC2 security group

  • Amazon EC2 volume

  • Elastic Load Balancing load balancer

  • Elasticsearch domain

  • GuardDuty detector

  • IAM group

  • IAM policy

  • IAM role

  • IAM user

  • AWS KMS key

  • Lambda function

  • Amazon RDS DB cluster snapshot

  • Amazon RDS DB instance

  • Amazon RDS snapshot

  • Amazon S3 Block Public Access

  • S3 bucket

  • Systems Manager managed instance inventory

  • Systems Manager patch compliance

  • Subnet