```bash
aws securityhub help | egrep 'delete|describe|get|list|invit'
```

```bash
ACCS='791232313887 534701031479'
aws securityhub describe-hub
aws securityhub describe-action-targets
aws securityhub get-administrator-account
aws securityhub get-enabled-standards
aws securityhub get-invitations-count
aws securityhub get-members --account-ids $ACCS
aws securityhub list-invitations
aws securityhub list-members
aws securityhub list-organization-admin-accounts
```
```bash
# security-control
aws securityhub describe-standards --no-paginate | jq .
aws securityhub list-security-control-definitions
aws securityhub list-security-control-definitions --standards-arn arn:aws:securityhub:us-east-1::standards/nist-800-53/v/5.0.0
```

```bash
aws securityhub delete-invitations --account-ids $ACCS
aws securityhub delete-members --account-ids $ACCS
```

The request is rejected either because

- no such invitation exists, or
- the current account is still associated to the given master account, or
- the current account has not yet declined the invitation from the given master account
```bash
# From New Master
aws securityhub invite-members --account-ids $ACCS
```

```bash
# From Target Account
DES_ADMIN='destination_admin_id'
# accept
aws securityhub accept-administrator-invitation \
  --administrator-id $DES_ADMIN \
  --invitation-id <value>
# decline (decline-invitations takes the inviting administrator account IDs via --account-ids)
aws securityhub decline-invitations \
  --account-ids $DES_ADMIN
```
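The `--invitation-id <value>` placeholder in the accept step can be filled from `list-invitations`. The function below is an added example, not part of the original page: the name `pick_invitation_id` is hypothetical, it requires `jq`, and the sample JSON is constructed. It returns an invitation ID only when exactly one invitation from the expected administrator account exists, so an invitation from an unexpected account is never accepted by accident.

```bash
# Added example (not from the original page). Requires jq.
# Reads `aws securityhub list-invitations` JSON on stdin and prints the
# InvitationId sent by the expected administrator account.
# Return codes: 0 = exactly one match, 1 = none, 2 = ambiguous, 3 = bad input.
pick_invitation_id() {
  admin_id="$1"
  # AWS account IDs are exactly 12 digits; reject anything else up front.
  case "$admin_id" in
    ''|*[!0-9]*) echo "bad administrator id" >&2; return 3 ;;
  esac
  [ "${#admin_id}" -eq 12 ] || { echo "bad administrator id" >&2; return 3; }

  # Keep only invitations whose sender (AccountId) is the expected admin.
  inv_ids=$(jq -r --arg a "$admin_id" \
    '.Invitations[]? | select(.AccountId == $a) | .InvitationId') || return 3

  [ -n "$inv_ids" ] || { echo "no invitation from $admin_id" >&2; return 1; }
  inv_count=$(printf '%s\n' "$inv_ids" | wc -l)
  [ "$inv_count" -eq 1 ] || {
    echo "$inv_count invitations from $admin_id, resolve manually" >&2
    return 2
  }
  printf '%s\n' "$inv_ids"
}

# Constructed sample of `aws securityhub list-invitations` output.
SAMPLE_INVITATIONS='{"Invitations":[
  {"AccountId":"111111111111","InvitationId":"aaaa1111constructed"},
  {"AccountId":"222222222222","InvitationId":"bbbb2222constructed"}]}'

# Usage against a live account (DES_ADMIN as defined above):
#   INV_ID=$(aws securityhub list-invitations | pick_invitation_id "$DES_ADMIN") &&
#   aws securityhub accept-administrator-invitation \
#     --administrator-id "$DES_ADMIN" --invitation-id "$INV_ID"
```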
```bash
aws securityhub disassociate-members --account-ids 404063023013 791232313887 534701031479
aws securityhub delete-members --account-ids 404063023013 791232313887 534701031479
aws securityhub get-members --account-ids 404063023013 791232313887 534701031479
```