Skip to main content

AWS Security Hub and Config Rules

Centralizing findings from GuardDuty, Inspector, and Config into prioritized remediation queues.


AWS Security Hub and Config Rules

Architecture

AWS Config Rules → Security Hub → EventBridge → Jira/Slack GuardDuty ────────────────┘ Inspector ────────────────┘ IAM Access Analyzer ────┘

High-value Config rules

RuleFinding
s3-bucket-public-read-prohibitedPublic data exposure
restricted-sshSSH open to 0.0.0.0/0
iam-root-access-key-checkRoot key exists
cloudtrail-enabledMissing audit trail

Prioritization matrix

Score = Severity × Asset criticality × Exposure

  • Critical + production + internet-facing → 24h SLA
  • Medium + internal → sprint backlog
  • Low + dev sandbox → monthly hygiene

Evidence for audits

Export Security Hub compliance snapshots monthly; store in immutable S3 bucket with Object Lock for auditor review.