terraform-aws-control_tower_account_factory
[StepFunctions.1] Step Functions state machines should have logging turned on
Describe the outcome you'd like
I want the SecurityHub finding [StepFunctions.1] to be handled during the initial bootstrap of AFT. This can be done by enabling the logs for the step functions during creation and updating the IAM Role Policies with the following IAM Policy
Is your feature request related to a problem you are currently experiencing? If so, please describe.
Yes, it relates to a SecurityHub finding in the AWS Foundational Security Best Practices v1.0.0 Security standards. I enabled the Logging for each step function and added the IAM Policy for our company's specific implementation (outside of the tfstate file) - will be reverted on the next run.
Please reach out with any questions or implementation details.
@drarnold thank you for reaching out. I have created an internal backlog to address this.