Skip to content

Add recording setup of Config to every base account provision #528

New issue
New issue
Open
Open
Add recording setup of Config to every base account provision#528
@andrewpatto

Description

@andrewpatto
andrewpatto
opened on Jan 12, 2025

We have a base Config setup (daily.. etc..) that we have click-ops applied in each account. We sometimes forget to do it in new accounts.

Config configured correctly is vital for the proper functioning of Security Hub. I suggest we make part of our terraform bootstrap of accounts include an AWS config setup.

Things to note:

  • not sure whether terraform will "update" over the top of recorders that we have already set up by click-ops. Need to check.

Items to set:

  • frequency to daily rather than continuous (too expensive at continuous)
  • send to common config bucket (needs special policy on the bucket to allow writes)
  • reduce days of retention (? we have no legislative need for keeping config records?)

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions