An AWS Security Hub Custom Findings provider, using the Have I Been Pwned API
Branch: master
Clone or download
Pull request Compare This branch is even with iann0036:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.

Security Hub Custom Provider

This project shows you how you can integrate with AWS Security Hub to provide your own custom findings. In this example, we periodically check the Troy Hunt's Have I Been Pwned API and report findings whenever a breach is added.



To deploy the Have I Been Pwned Custom Provider you require the following prerequisites:

You should first modify the email_addresses variable in the src/ file to match the e-mail addresses you wish to monitor.

There is an included script that will create a new S3 bucket for the deployment artifacts, compile the SAM template and deploy to your account. You can modify this script if you have an existing bucket for your artifacts.


The Lambda will be executed every 24 hours (you can change this frequency in the CloudFormation template) which will call the Have I Been Pwned API for every e-mail address listed and if new breaches are discovered, it will add a finding in the AWS Security Hub console.