
AWS Security Hub Configuration Guide

1. Introduction

  • A valid role (role ARN) is required to access AWS Security Hub.

2. Prerequisites

  • AWS Console access with required service access.

3. AWS Security Hub Setup Guide

  • Enable the Security Hub service in your AWS account.
  • Enable the security standards that you need to check. If a standard is not enabled, you will see an Enable Standard button; if it is already enabled, you will see a View Results button.
  • Create a role (e.g. ASCERA_Security_Hub_Readonly) in the user's AWS account that has access to AWS Security Hub (all read access). You can use the AWS managed policy AWSSecurityHubReadOnlyAccess for this.
    • Add a trust policy that allows the ascera-connector user from the ASCERA AWS account to assume the created role (ASCERA_Security_Hub_Readonly) in the user's account.

    • Copy the ARN of the created role; it is required to create the connector.

    • ASCERA can now assume the role and use the AWS Security Hub APIs to fetch findings and compliance-related data.
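
The trust policy from the setup steps above, as an added example (not ASCERA's own code): the Python below builds a trust policy that names only the ascera-connector user and audits a trust policy for any broader principal or action. The account ID 111111111111 is a placeholder, the user ARN form (no IAM path) is an assumption, and the function names are hypothetical.

```python
import json

# Placeholder: the page does not give ASCERA's AWS account ID; obtain it from ASCERA.
ASCERA_ACCOUNT_ID = "111111111111"
# Assumption: the connector user has no IAM path prefix.
CONNECTOR_USER_ARN = f"arn:aws:iam::{ASCERA_ACCOUNT_ID}:user/ascera-connector"


def build_trust_policy(principal_arn=CONNECTOR_USER_ARN):
    """Trust policy that lets only the named IAM user assume the role."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": principal_arn},
            "Action": "sts:AssumeRole",
        }],
    }


def _as_list(value):
    # IAM accepts either a single value or a list in these fields.
    return value if isinstance(value, list) else [value]


def audit_trust_policy(policy, expected_arn=CONNECTOR_USER_ARN):
    """Return findings for anything trusted beyond expected_arn (empty = OK)."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if not isinstance(principal, dict):  # "*" or missing
            findings.append(f"statement {i}: principal {principal!r} is not restricted")
            continue
        for kind, value in principal.items():
            for arn in _as_list(value):
                if kind != "AWS" or arn != expected_arn:
                    findings.append(f"statement {i}: unexpected principal {kind}={arn}")
        for action in _as_list(stmt.get("Action", [])):
            if action != "sts:AssumeRole":
                findings.append(f"statement {i}: unexpected action {action}")
    return findings


if __name__ == "__main__":
    # Print the JSON for the role's trust relationship, then audit it.
    print(json.dumps(build_trust_policy(), indent=2))
    print(audit_trust_policy(build_trust_policy()) or "trust policy OK")
```

A trust policy that names the account root or `*` instead of the connector user is reported as a finding, because it would let more than the ascera-connector user assume the read-only role.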