How to disable several AWS Security Hub controls in every region, using the AWS CLI.
Although this says "every region", the example below disables several controls in every region except Tokyo (ap-northeast-1).[^1]
```bash
account_id=$(aws sts get-caller-identity --query Account --output text)
controls="
aws-foundational-security-best-practices/v/1.0.0/Config.1
aws-foundational-security-best-practices/v/1.0.0/IAM.1
aws-foundational-security-best-practices/v/1.0.0/IAM.2
aws-foundational-security-best-practices/v/1.0.0/IAM.3
aws-foundational-security-best-practices/v/1.0.0/IAM.4
aws-foundational-security-best-practices/v/1.0.0/IAM.5
aws-foundational-security-best-practices/v/1.0.0/IAM.6
aws-foundational-security-best-practices/v/1.0.0/IAM.7
aws-foundational-security-best-practices/v/1.0.0/IAM.8
aws-foundational-security-best-practices/v/1.0.0/IAM.21
aws-foundational-security-best-practices/v/1.0.0/KMS.1
aws-foundational-security-best-practices/v/1.0.0/KMS.2
aws-foundational-security-best-practices/v/1.0.0/S3.1
aws-foundational-security-best-practices/v/1.0.0/CloudTrail.1
aws-foundational-security-best-practices/v/1.0.0/CloudTrail.2
aws-foundational-security-best-practices/v/1.0.0/CloudTrail.4
aws-foundational-security-best-practices/v/1.0.0/CloudTrail.5
"
# Every region except ap-northeast-1 (Tokyo)
regions="eu-north-1 ap-south-1 eu-west-3 eu-west-2 eu-west-1 ap-northeast-3 ap-northeast-2 sa-east-1 ca-central-1 ap-southeast-1 ap-southeast-2 eu-central-1 us-east-1 us-east-2 us-west-1 us-west-2"
for region in $regions
do
  for control in $controls
  do
    # Control ARNs are regional: one call per (region, control) pair
    arn="arn:aws:securityhub:$region:$account_id:control/$control"
    echo "$arn"
    aws --region "$region" securityhub update-standards-control \
      --standards-control-arn "$arn" \
      --control-status DISABLED \
      --disabled-reason "ここに理由"   # replace with your own reason; it is recorded with the control
    sleep 0.3 # avoid API throttling
  done
done
```
To cover every region, set `regions` like this instead:

```bash
regions=$(aws ec2 describe-regions --query 'Regions[].RegionName' --output text)
```
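A check worth running before and after the loop, added here as an example that is not part of the original post: list which of the requested controls are still ENABLED in a region, so that the loop can be re-run safely (only the remaining controls need a call) and the result can be verified afterwards. The `control_arn`, `still_enabled` and `fetch_status` functions and the sample status lines are constructed for this example. `fetch_status` assumes the AWS Foundational Security Best Practices standard is enabled in the region (it addresses the standard's subscription ARN); `update-standards-control` and `describe-standards-controls` both fail in any region where Security Hub or that standard is not enabled, so such regions show up as API errors rather than silently succeeding.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). POSIX-compatible apart from the shebang.
set -eu

STANDARD="aws-foundational-security-best-practices/v/1.0.0"

# Build the control ARN exactly as the disable loop does.
# $1=region  $2=account id  $3=control id (e.g. IAM.1)
control_arn() {
  printf 'arn:aws:securityhub:%s:%s:control/%s/%s\n' "$1" "$2" "$STANDARD" "$3"
}

# Read "ControlId<TAB>ControlStatus" lines on stdin (the text output of
# describe-standards-controls) and print the requested control ids (arguments)
# whose status is still ENABLED, i.e. the ones the disable loop still has to handle.
still_enabled() {
  wanted=" $* "
  awk -v wanted="$wanted" '
    BEGIN { FS = "\t" }
    $2 == "ENABLED" && index(wanted, " " $1 " ") { print $1 }'
}

# Fetch the live status for one region (needs credentials; not used in the offline demo).
# $1=region  $2=account id
fetch_status() {
  aws --region "$1" securityhub describe-standards-controls \
    --standards-subscription-arn "arn:aws:securityhub:$1:$2:subscription/$STANDARD" \
    --query 'Controls[].[ControlId,ControlStatus]' --output text
}

# Constructed sample of what fetch_status prints, so the check can be tried offline.
SAMPLE_STATUS=$(printf 'IAM.1\tDISABLED\nIAM.2\tENABLED\nKMS.1\tENABLED\nS3.1\tDISABLED\nEC2.1\tENABLED')

if [ "${1:-}" = "--demo" ]; then
  # Expected: IAM.2 and KMS.1 (EC2.1 is enabled but was not requested, so it is left alone)
  printf '%s\n' "$SAMPLE_STATUS" | still_enabled IAM.1 IAM.2 KMS.1 S3.1
fi
```

In real use, replace the sample with `fetch_status "$region" "$account_id" | still_enabled $ids` (where `$ids` holds the bare control ids such as `IAM.1`), and run the disable loop only over what it prints; running the same pipeline again after the loop should print nothing for every region. Keep the `sleep` from the original loop between calls, since `describe-standards-controls` is subject to the same throttling.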
[^1]: I wanted to keep this example here for my own use.