-
Notifications
You must be signed in to change notification settings - Fork 108
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature: Enable for all accounts in organization #51
Comments
Max, |
But @ryanholland I think normally the user enabling/configuring Security Hub is going to be quite privileged yeah? And no prob with giving the user read perms on the org .. |
The AWS built in "SecurityAudit" policy (likely the sort of policy applied to a role that will be using Security Hub) has permission |
Its not a matter of having those permissions, you can assign them to any user, but they won't actually work unless you are making the call from a user/role within Organization Root account. |
I can't imagine a scenario where the Security Auditor wouldn't be able to audit the Org Root account as well as the sub accounts when you're wanting to enable Security Hub on ALL accounts in the organisation... |
I just want security hub enabled on all my accounts. I suspect a lot of people enabling it would like the same.
It is pretty easy to query the list of accounts from within the script, so add an option like "--all" to enable security hub on all accounts in the organization.
The text was updated successfully, but these errors were encountered: