Admin account support Member accounts Member roles

AWS CloudFormation templates

aws-sharr-deploy.template - Use this template to launch the Automated Security Response on AWS solution. The template installs the core components of the solution, a nested stack for the AWS Step Functions logs, and one nested stack for each security standard you choose to activate.

Services used include Amazon Simple Notification Service, AWS Key Management Service, AWS Identity and Access Management, AWS Lambda, AWS Step Functions, Amazon CloudWatch Logs, Amazon S3, and AWS Systems Manager.

Admin account support

The following templates are installed in the AWS Security Hub admin account to turn on the security standards that you want to support. You can choose which of the following templates to install when installing the aws-sharr-deploy.template.

aws-sharr-orchestrator-log.template - Creates a CloudWatch logs group for the Orchestrator Step Function.

AFSBPStack.template - AWS Foundational Security Best Practices v1.0.0 rules.

CIS120Stack.template - CIS Amazon Web Services Foundations benchmarks, v1.2.0 rules.

CIS140Stack.template - CIS Amazon Web Services Foundations benchmarks, v1.4.0 rules.

PCI321Stack.template - PCI-DSS v3.2.1 rules.

NISTStack.template - National Institute of Standards and Technology (NIST), v5.0.0 rules.

SCStack.template - SC v2.0.0 rules.

Member accounts

aws-sharr-member.template - Use this template after you set up the core solution to install AWS Systems Manager automation runbooks and permissions in each of your AWS Security Hub member accounts (including the admin account). This template allows you to choose which security standard playbooks to install.

The aws-sharr-member.template installs the following templates based on your selections:

aws-sharr-remediations.template - Common remediation code used by one or more of the security standards.

AFSBPMemberStack.template - AWS Foundational Security Best Practices v1.0.0 settings, permissions, and remediation runbooks.

CIS120MemberStack.template - CIS Amazon Web Services Foundations benchmarks, version 1.2.0 settings, permissions, and remediation runbooks.

CIS140MemberStack.template - CIS Amazon Web Services Foundations benchmarks, version 1.4.0 settings, permissions, and remediation runbooks.

PCI321MemberStack.template - PCI-DSS v3.2.1 settings, permissions, and remediation runbooks.

NISTMemberStack.template - National Institute of Standards and Technology (NIST), v5.0.0 settings, permissions, and remediation runbooks.

SCMemberStack.template - Security Control settings, permissions, and remediation runbooks.

Member roles

aws-sharr-member-roles.template - Defines the remediation roles needed in each AWS Security Hub member account.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Deciding where to deploy each stack

Automated deployment - StackSets