Name		Name	Last commit message	Last commit date
parent directory ..
artifact		artifact
baseline_ebs		baseline_ebs
baseline_ecr		baseline_ecr
baseline_iam		baseline_iam
baseline_s3		baseline_s3
cloudtrail		cloudtrail
config		config
detective		detective
firewall_manager		firewall_manager
guardduty		guardduty
health		health
iam_access_analyzer		iam_access_analyzer
inspector		inspector
kms		kms
macie		macie
s3_bucket		s3_bucket
scp		scp
securityhub		securityhub
README.md		README.md
placeholder.tf		placeholder.tf

README.md

submodules

All modules are designed to work in a multi-account organization and to delegate administration to an administrator account (if supported by AWS)

AWS resources that have account or regional security settings

Resource/Service	Supported	Setting
cloudtrail		setup
ebs	yes	encryption
ecr	yes	scanning
iam	yes	password policy
s3	yes	public access

AWS services required by Security Hub

Resource/Service	Supported	Setting
config		setup
s3 buckets

AWS services that integrate with Security Hub

Service	Supported
access-analyzer	yes
audit-manager
chatbot
detective
firewall-manager	yes
guardduty	yes
health
inspector
macie
ssm-patch-manager
systems-manager-opscenter-and-explorer
trusted-advisor