centralized-logging-with-opensearch icon indicating copy to clipboard operation
centralized-logging-with-opensearch copied to clipboard

Published 20 hours ago verified publisher icon aws-solutions

AWS Security Hub : Security standard : AWS Foundational Security Best Practices v1.0.0 -- reports some issues with this solution

Open gnom7 opened this issue 1 month ago • 0 comments

Describe the feature

Official AWS Security Hub : Security standard : AWS Foundational Security Best Practices v1.0.0 is reporting that this solution violates some rules and thus our overall security score is getting worse.

Some of them are:

  • CloudFront distributions should have WAF enabled. This control checks to see if Amazon CloudFront distributions are associated with either WAF or WAFv2 web ACLs. The control fails if a CloudFront distribution is not associated with a web ACL
  • Checks whether the security groups in use do not allow unrestricted incoming TCP traffic to the specified ports. The rule is NON_COMPLIANT if a security group allows inbound traffic from 0.0.0.0/0 or ::/0 to the specified ports.
  • Checks whether the default security group for VPC is closed.

I'd expect decent integration and syncing between AWS services/solutions. Could you please address issues reported by AWS Security Hub related to this solution?

Use Case

AWS Security Hub is enabled in my AWS account and configured with AWS Foundational Security Best Practices v1.0.0 security standard

Proposed Solution

No response

Other Information

No response

Solution version used

v2.1.2

gnom7 avatar May 15 '24 14:05 gnom7