4 Monitor Lab - deanbushmiller/aws-sec-e11 GitHub Wiki

After this setup, go to break.

Some labs take a long time to initiate and they cost money. If you jump to the Monitor lab, you will see these instructions again. If you are going to do the Security Hub lab, you need to enable a few things now. Search for and enable:

  • AWS Config | 1-click enable | Confirm
  • Enable resource recording in AWS Config: Dashboard view | Settings | confirm the recorder is on
  • AWS Security Hub | Go to Security Hub | Enable AWS Foundational Security Best Practices v1.0.0 | UNCHECK EVERYTHING ELSE | Enable Security Hub

  • After you enable Security Hub, it takes 10-20 minutes to see the results from security checks for the newly enabled standards. Until then, the controls have a status of "No data".

Both of these services include a 30-day free trial. But you must disable both and shut down this account to stop charges.

Lab examination of AWS Config results

  • In the dashboard, click Noncompliant resources
  • Filter compliance by Noncompliant | click Apply
  • On the left menu, choose Rules | filter by compliance status Noncompliant
  • Click the securityhub EC2 instance-no-public-IP rule

Lab examination of Security Hub results

  • Security Hub | Summary | Findings by region | click on High
  • Drill to the finding: EC2 instances should not have a public IPv4 address (you have 3)
  • Click on the link to reveal the details on the right
  • Since you do not know which one is reasonable to have a public IP, find the one that is Guac-Ubn by looking at the details or opening the resource in a new window
  • Actions | add note: "Policy allows for Bastion host to have a public IP address if it is limited to specific outbound IP or authentication is based upon multi factor authentication."
  • Find the others: copy the JSON to a file and send an email to the resource owner (yourself; the resource should have a tag named resource owner)
  • If there is no resource owner, add a tag Deletion Date and mark the resource for 30-day deletion. Email the escalation team at your org (= you). Can you find the email address of the user who created this resource?
  • Add a tag DeleteMeOn to both web servers
  • Add a note to each resource stating: policy failure, Add: deletion tag, and Action: email escalation
  • If you had a Helpdesk tool, you would open a ticket
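As an added example (not part of the wiki or the course materials), the Python script below triages an exported Security Hub findings file the way the steps above describe: it keeps only failing resources of the public-IPv4 control, gives the Guac-Ubn bastion the policy-exception note, and gives every other instance the failure note, a DeleteMeOn tag 30 days out, and an email target (the resource owner tag, or the escalation team when the tag is missing). The findings are constructed ASFF-shaped samples, and the tag key `resource owner`, the escalation address and the instance ARNs are assumptions; actually applying the notes, tags and emails is left to the operator.

```python
import json
from datetime import date, timedelta

# Match on the control title shown in the finding; the lab does not name a control ID.
TARGET_TITLE = "EC2 instances should not have a public IPv4 address"
BASTION_NAME = "Guac-Ubn"                    # the lab's bastion host (Name tag)
OWNER_TAG = "resource owner"                 # assumed tag key for the resource owner
ESCALATION_EMAIL = "escalation@example.org"  # placeholder for your org's escalation team
RETENTION_DAYS = 30

BASTION_NOTE = ("Policy allows for Bastion host to have a public IP address if it is limited "
                "to specific outbound IP or authentication is based upon multi factor authentication.")
FAILURE_NOTE = "policy failure, Add: deletion tag, and Action: email escalation"


def _finding(title, arn, tags, status="FAILED"):
    """Build a minimal ASFF-shaped finding (constructed sample, not a real export)."""
    return {"Title": title, "Severity": {"Label": "HIGH"}, "Compliance": {"Status": status},
            "Resources": [{"Type": "AwsEc2Instance", "Id": arn, "Tags": tags}]}


ARN_PREFIX = "arn:aws:ec2:us-east-1:111122223333:instance/"   # fictitious account/region
SAMPLE_FINDINGS = [
    _finding(TARGET_TITLE, ARN_PREFIX + "i-0aaa", {"Name": "Guac-Ubn"}),
    _finding(TARGET_TITLE, ARN_PREFIX + "i-0bbb", {"Name": "web-1", OWNER_TAG: "alice@example.org"}),
    _finding(TARGET_TITLE, ARN_PREFIX + "i-0ccc", {"Name": "web-2"}),
    _finding("Constructed other control", ARN_PREFIX + "i-0bbb", {"Name": "web-1"}, "PASSED"),
]


def triage(findings, today_iso):
    """Return one action record per failing resource of the public-IP control."""
    delete_on = (date.fromisoformat(today_iso) + timedelta(days=RETENTION_DAYS)).isoformat()
    actions = []
    for f in findings:
        if f.get("Title") != TARGET_TITLE or f.get("Compliance", {}).get("Status") != "FAILED":
            continue  # other controls and passing checks are out of scope for this lab
        for r in f.get("Resources", []):
            tags = r.get("Tags") or {}
            if tags.get("Name") == BASTION_NAME:   # documented policy exception, no deletion tag
                actions.append({"resource": r["Id"], "note": BASTION_NOTE, "tags": {}, "email": None})
                continue
            actions.append({"resource": r["Id"], "note": FAILURE_NOTE,
                            "tags": {"DeleteMeOn": delete_on},
                            "email": tags.get(OWNER_TAG, ESCALATION_EMAIL)})
    return actions


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_FINDINGS, date.today().isoformat()), indent=2))
```

Point the script at a real export by loading the JSON array of findings with `json.load` in place of `SAMPLE_FINDINGS`.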

Separate lab: this needs to run right after the setup of the other labs to get results in class.

  1. Enable AWS Config (you must type it in Search)
  2. Enable AWS Security Hub
  3. Security Hub begins running security checks and generating control findings.