OpenSec Atlas

aws-config-security-hub: An Open Source Tool for Cloud Security | OpenSec Atlas

Cloud Security

Tool

aws-config-security-hub

A demo tool integrating AWS Config rules and AWS Security Hub to automate cloud configuration scanning, compliance auditing, and remediation.

View on GitHub

About This Tool

AWS Config and Security Hub demo

Primary Use Case

This tool is designed for cloud security professionals and AWS users who want to monitor and enforce compliance of their AWS resources using AWS Config and Security Hub. It helps detect configuration changes, especially to critical resources like CloudTrail, and automates remediation via Lambda functions. Users can visualize security posture and resource timelines to maintain continuous compliance.

Key Features

Integration of AWS Config rules with AWS Security Hub for enhanced security insights
Custom Lambda rule to detect and remediate changes to CloudTrail and other resources
Terraform-based infrastructure provisioning for easy setup
Visualization of resource configuration changes and timelines
Support for tracking IAM Users, Groups, Roles, and policies including inline and managed policies
Multi-region and organization-wide CloudTrail considerations
Integration capabilities with multiple AWS services via Security Hub

Insights & Recommendations

Security Hub must be enabled manually in the AWS Console before scanning begins. For multi-region or organization-wide CloudTrail trails, ensure the trail is created in the home or master account region. Allow sufficient time after deployment for AWS Config and Security Hub to collect and display compliance data. This tool is a demo and may require customization for production use.

Installation

terraform init
terraform apply -auto-approve
Enable AWS Security Hub manually via AWS Console
Allow time for AWS Config and Security Hub to scan resources

Usage

terraform init

Initializes the Terraform working directory and downloads necessary providers.

terraform apply -auto-approve

Applies the Terraform configuration to create required AWS resources without manual approval.

Smart Usage Notes

Integrate with AWS Lambda for automated, real-time remediation of misconfigurations.Leverage multi-region and organization-wide CloudTrail tracking to enhance visibility across AWS accounts.Combine with SIEM tools ingesting Security Hub findings for centralized alerting and correlation.Use Terraform provisioning to standardize deployment and enable repeatable security posture enforcement.Employ resource timeline visualizations to support forensic investigations and compliance audits.