AWS Config should be enabled and use the service-linked role for resource recording #192

Open
dverzolla opened this issue Jul 3, 2024 · 0 comments


Is your feature request related to a problem? Please describe.
AWS Security Hub, in its PCI DSS v3.2.1 check, has failed with:

"Config.1", "AWS Config should be enabled and use the service-linked role for resource recording".

This happens even when terraform-aws-config is correctly configured and working.

The problem happens because this module creates a new role instead of using the one provided by AWS.

Describe the solution you'd like
We could add an option to this module giving the user the choice to opt for the AWS service-linked role (default) or to create a new one. The image in additional context shows the data governance area of the AWS Config edit page.

When using this module, the "choose a role from your account" option is selected, making AWS Security Hub fail.

Describe alternatives you've considered
Disable control of this check in AWS Security Hub.

Additional context
image
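
The condition described in this issue can be checked directly from the recorder's configuration. The sketch below is an added example, not part of the original issue or of the module's code: it evaluates only the two conditions named in the Config.1 title (recorder is recording, role is the service-linked role) against the output shapes of the AWS Config `DescribeConfigurationRecorders` and `DescribeConfigurationRecorderStatus` API calls. The function names, the account ID and the custom role name are constructed for illustration; the real control may evaluate more than this.

```python
import re

# Path and name AWS assigns to the Config service-linked role.
SLR_SUFFIX = "role/aws-service-role/config.amazonaws.com/AWSServiceRoleForConfig"
ARN_RE = re.compile(r"^arn:(aws|aws-cn|aws-us-gov):iam::(\d{12}):(.+)$")


def uses_service_linked_role(role_arn):
    """True only if role_arn is the AWS Config service-linked role."""
    m = ARN_RE.match(role_arn or "")
    # Compare the full resource path: a customer role that merely reuses
    # the name AWSServiceRoleForConfig under role/ must not pass.
    return bool(m) and m.group(3) == SLR_SUFFIX


def audit_recorders(recorders, statuses):
    """Check the two conditions named in the Config.1 title.

    recorders: "ConfigurationRecorders" list (DescribeConfigurationRecorders)
    statuses:  "ConfigurationRecordersStatus" list
               (DescribeConfigurationRecorderStatus)
    Returns a list of (recorder_name, finding); an empty list means pass.
    """
    if not recorders:
        return [("<none>", "no configuration recorder exists")]
    recording = {s["name"]: s.get("recording", False) for s in statuses}
    findings = []
    for rec in recorders:
        name = rec["name"]
        if not recording.get(name, False):
            findings.append((name, "recorder is not recording"))
        if not uses_service_linked_role(rec.get("roleARN")):
            findings.append((name, "custom role in use: " + str(rec.get("roleARN"))))
    return findings


# Constructed sample data (account ID and custom role name are made up).
ACCOUNT = "arn:aws:iam::111122223333:"
CUSTOM = [{"name": "default", "roleARN": ACCOUNT + "role/config-recorder-custom"}]
LINKED = [{"name": "default", "roleARN": ACCOUNT + SLR_SUFFIX}]
STATUS = [{"name": "default", "recording": True}]

if __name__ == "__main__":
    print("custom role:", audit_recorders(CUSTOM, STATUS))
    print("service-linked role:", audit_recorders(LINKED, STATUS))
```

With live data, the two lists come from `aws configservice describe-configuration-recorders` and `aws configservice describe-configuration-recorder-status` in each recorded region.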
