A few questions to ponder upon while I am looking at our current Cloud Security Posture.
- What would be the best multi-account architecture for Security Hub where we want to consolidate all our SH security findings in our Security account, with most of our member accounts needing aggregation from eu-west-1 and us-east-1 into eu-west-2, but selected member accounts also needing aggregation from other regions?
- Our current architecture deploys SH in member accounts for eu-west-2 and eu-west-1 by inviting them from SH in our Security account in each region using Terraform. How should we migrate from our current architecture to a best practice architecture (whatever we have as a result of question 1)?
Your thoughts on this?