Setup Security Alert
You can set up a secure account with Members by specifying "Secure" in the Security Settings Option when you apply for an AWS account. With a secure account, you will be able to activate AWS managed security services and receive various security alerts issued by them in an easy-to-use format. To receive notifications of various security alerts, you need to configure the settings.
This procedure allows the customer to configure the notification destination. Please use the CloudFormation template quick create link provided by us to build a mechanism that sends notifications for the various security alerts on your secure account. You can choose email or Slack as the notification method, or use both.
Email Notification Setting Procedure
Create the resources for email notification by following the procedure below.
1. Prepare the email address at which you want to receive notifications.
2. In your browser, log in to the AWS Management Console of the AWS account for which you want to receive security alert notifications.
3. Enter the email address you prepared in the CloudFormation parameters.
4. Click the "Create" button to create the necessary resources in the Tokyo region.
5. Amazon SNS will send you an email titled "AWS Notification - Subscription Confirmation" to confirm the email address you entered. Click the "Confirm subscription" link to complete the registration.
6. (Optional) If you want to add more email addresses, add a subscription to the created Amazon SNS topic.
Slack Notification Setting Procedure
Create the resources for Slack notification by following the procedure below. Steps 1-3 are explained in more detail in "Create a SlackApp that allows you to post messages to your Slack channel | DevelopersIO".
1. Create a Slack App to be used for notifications, configure the following parameters, and install it in the Slack workspace where you want to receive notifications. (See the Slack API documentation for details.)
   - Scopes: Bot Token Scopes
   - OAuth Scope: chat:write
2. After installing the Slack App in your workspace, copy the generated Bot User OAuth Token.
3. Copy the channel ID of the channel in your Slack workspace where you want to receive notifications. (If it is a private channel, invite the Slack App with the /invite command in the channel.)
4. In your browser, log in to the AWS Management Console of the AWS account for which you want to receive security alert notifications.
5. Enter the Channel ID and Bot User OAuth Token you prepared in the CloudFormation parameters.
6. Click the "Create" button to create the necessary resources in the Tokyo region and start notifications.
7. (Optional) If you want to add more channels for notifications, refer to the Target of the created EventBridge Rule and add a similar Target setting.
Filtering Security Hub Notifications
If you want to narrow Security Hub notifications down to a specific subset, see "Configure Security Hub notifications filtered by importance | DevelopersIO". For example, you can change the settings so that only notifications of high importance are sent.
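As an added example (not taken from the CloudFormation template or the referenced article), the following sketch shows an EventBridge event pattern that keeps only HIGH and CRITICAL Security Hub findings and checks it offline against constructed sample events. The pattern assumes the standard Security Hub finding event fields; the function names and sample events are hypothetical.

```python
import json

# Assumed pattern (not taken from the template): standard Security Hub
# finding events, restricted to HIGH and CRITICAL severity labels.
HIGH_SEVERITY_PATTERN = {
    "source": ["aws.securityhub"],
    "detail-type": ["Security Hub Findings - Imported"],
    "detail": {"findings": {"Severity": {"Label": ["HIGH", "CRITICAL"]}}},
}


def matches(pattern, event):
    """Evaluate the exact-match subset of EventBridge pattern semantics.

    A dict in the pattern descends into the event; a list is the set of
    accepted values. When the event holds an array (detail.findings),
    one matching element is enough.
    """
    if isinstance(event, list):
        return any(matches(pattern, item) for item in event)
    if isinstance(pattern, dict):
        return isinstance(event, dict) and all(
            key in event and matches(sub, event[key])
            for key, sub in pattern.items()
        )
    return event in pattern


def finding_event(label):
    """Constructed sample event carrying only the fields the pattern reads."""
    return {
        "source": "aws.securityhub",
        "detail-type": "Security Hub Findings - Imported",
        "detail": {"findings": [{"Title": "constructed sample",
                                 "Severity": {"Label": label}}]},
    }


def notified_labels(pattern=HIGH_SEVERITY_PATTERN):
    """Return the severity labels that would still reach the target."""
    labels = ["INFORMATIONAL", "LOW", "MEDIUM", "HIGH", "CRITICAL"]
    return [lab for lab in labels if matches(pattern, finding_event(lab))]


if __name__ == "__main__":
    print(json.dumps(HIGH_SEVERITY_PATTERN, indent=2))  # pattern as JSON
    print("notified:", notified_labels())
```

The matcher covers only exact-value matching, so confirm the final pattern in the EventBridge console before relying on it.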
Stop Notification
If you want to stop the notification, you can do one of the following.
- Delete the CloudFormation Stack you created. (The default Stack names are cm-security-alert-mail-stack / cm-security-alert-slack-stack.)
- For Email: Delete the Amazon SNS Subscription.
- For Slack: Delete the EventBridge Rules or Targets.
Precautions
- The notified items are excerpted from various security alerts where necessary. If you want to check the details, please access the various security services.
- If the notification fails for some reason, the notification will not be resent.
- The notification mechanism is built from various AWS features, so please be aware that it is affected by AWS updates and failures.