superwerker provides a secure baseline and configures security-related services by default.
Since GuardDuty (GD) is a native AWS service to find possible security threats and breaches, superwerker enables it for all AWS accounts.
- Use delegated administrator feature
- Delegate Administrator into Control Tower `Audit` account, since Control Tower also delegates AWS Config Rules Compliance findings into the Audit Account
- Enable GD for existing Control Tower core accounts (Management, Audit, Log Archive) and all future member accounts
- Use Control Tower `Setup/UpdateLandingZone` Lifecycle events to start the setup of Delegated Administrator
- Enable S3 data protection by default
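The decisions above translate into a small set of read-only checks a defender can run against the organization: the Audit account holds the GuardDuty delegation, new members are auto-enabled, S3 protection is on by default, and the core accounts are enrolled. The following is an added example written for this page, not superwerker code; the account ids, detector id and the `FakeOrgs`/`FakeGuardDuty` stand-ins are constructed so it runs offline, while `check_guardduty_baseline` itself accepts real boto3 `organizations` and `guardduty` clients with the same method names.

```python
GD_PRINCIPAL = "guardduty.amazonaws.com"

def check_guardduty_baseline(orgs, gd, detector_id, audit_account_id, core_account_ids):
    """Return deviations from the decisions above (empty list == baseline holds).
    `orgs`/`gd` are boto3-style Organizations/GuardDuty clients (real ones or any object
    with the same read-only methods and response shapes); only the first member page is read."""
    findings = []
    admins = orgs.list_delegated_administrators(ServicePrincipal=GD_PRINCIPAL)
    active = {a["Id"] for a in admins["DelegatedAdministrators"] if a["Status"] == "ACTIVE"}
    if audit_account_id not in active:
        findings.append(f"audit account {audit_account_id} is not the GuardDuty delegated administrator")
    cfg = gd.describe_organization_configuration(DetectorId=detector_id)
    if not cfg.get("AutoEnable"):
        findings.append("AutoEnable is off: future member accounts will not get GuardDuty")
    if not cfg.get("DataSources", {}).get("S3Logs", {}).get("AutoEnable"):
        findings.append("S3 data protection is not enabled by default for new members")
    members = gd.list_members(DetectorId=detector_id)["Members"]
    enrolled = {m["AccountId"] for m in members if m["RelationshipStatus"] == "Enabled"}
    for acct in core_account_ids:
        if acct != audit_account_id and acct not in enrolled:  # the admin account is not its own member
            findings.append(f"core account {acct} is not an enabled GuardDuty member")
    return findings

class FakeOrgs:
    """Constructed stand-in for the Organizations client (offline demo only)."""
    def __init__(self, admin_id): self.admin_id = admin_id
    def list_delegated_administrators(self, ServicePrincipal):
        return {"DelegatedAdministrators": [{"Id": self.admin_id, "Status": "ACTIVE"}]}

class FakeGuardDuty:
    """Constructed stand-in for the GuardDuty client (offline demo only)."""
    def __init__(self, auto_enable, s3_auto_enable, member_ids):
        self.auto_enable, self.s3_auto_enable, self.member_ids = auto_enable, s3_auto_enable, member_ids
    def describe_organization_configuration(self, DetectorId):
        return {"AutoEnable": self.auto_enable, "DataSources": {"S3Logs": {"AutoEnable": self.s3_auto_enable}}}
    def list_members(self, DetectorId):
        return {"Members": [{"AccountId": a, "RelationshipStatus": "Enabled"} for a in self.member_ids]}

AUDIT, MGMT, LOG_ARCHIVE = "111111111111", "222222222222", "333333333333"  # constructed account ids
CORE_ACCOUNTS = (MGMT, AUDIT, LOG_ARCHIVE)

def demo_compliant():
    """Audit is admin, auto-enable and S3 protection on, Management and Log Archive enrolled."""
    gd = FakeGuardDuty(True, True, [MGMT, LOG_ARCHIVE])
    return check_guardduty_baseline(FakeOrgs(AUDIT), gd, "detector-example", AUDIT, CORE_ACCOUNTS)

def demo_drift():
    """Admin moved to Management, S3 protection off, Log Archive not enrolled: three findings."""
    gd = FakeGuardDuty(True, False, [MGMT])
    return check_guardduty_baseline(FakeOrgs(MGMT), gd, "detector-example", AUDIT, CORE_ACCOUNTS)
```

Against a real organization, run it from the management account (for the delegation lookup) with the Audit account's detector id; a production version should paginate `list_members`.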
- For an aggregated view, superwerker users have to log into the Audit Account.
- Findings are aggregated in Security Hub
- Enrolled AWS accounts cannot leave or disable GD (feature of Delegated Administrator)