Microsoft Defender for Cloud Cookbook

By: Sasha Kranjac

Overview of this book

Microsoft Defender for Cloud is a multi-cloud and hybrid cloud security posture management solution that enables security administrators to build cyber defense for their Azure and non-Azure resources by providing both recommendations and security protection capabilities. This book will start with a foundational overview of Microsoft Defender for Cloud and its core capabilities. Then, the reader is taken on a journey from enabling the service, selecting the correct tier, and configuring the data collection, to working on remediation. Next, we will continue with hands-on guidance on how to implement several security features of Microsoft Defender for Cloud, finishing with monitoring and maintenance-related topics, gaining visibility in advanced threat protection in distributed infrastructure and preventing security failures through automation. By the end of this book, you will know how to get a view of your security posture and where to optimize security protection in your environment as well as the ins and outs of Microsoft Defender for Cloud.
Table of Contents (12 chapters)

Setting up Amazon Web Services Config and Amazon Web Services Security Hub

In multi-cloud environments, cloud security services must span multiple cloud platforms as well.

Connecting Amazon Web Services (AWS) to Microsoft Defender for Cloud requires performing multiple steps. Due to this, we will break the whole process into separate recipes, which will make this easier to understand and implement.

To onboard an AWS account in Microsoft Defender for Cloud, you need to enable AWS Config and AWS Security Hub first.

Getting ready

Open a browser and navigate to https://console.aws.amazon.com/. This recipe presumes you have not already enabled AWS Config and AWS Security Hub.

How to do it…

To set up Amazon Web Services Config and Amazon Web Services Security Hub, complete the following steps:

  1. In the AWS Console, open AWS Config. You can open AWS Config in two ways. First, you can type AWS Config in a search bar and select that option. Second, you can click on Services in the top-left corner and, under Management & Governance, select Config.
  2. If you have never run AWS Config before, or if you are configuring AWS Config in a new region, you can choose to click on Get started or 1-click setup. Get started will allow you to go through the configuration steps by yourself, while 1-click setup will auto-complete the setup process based on AWS best practices. In this recipe, we will complete the manual process. Click on Get started:
Figure 2.19 – Setting up AWS Config for the first time

  3. On the Step 1 – Settings page, under the General settings section, for Resource types to record, select Record all resources supported in this region, while for AWS Config role, choose Create AWS Config service-linked role.
  4. In the Delivery method section, for Amazon S3 bucket, choose Create a bucket. It is strongly recommended that you create a unique S3 bucket name as you cannot change the bucket's name once it has been created. Click Next:
Figure 2.20 – Set up AWS Config – Step 1 – Settings

  5. On the Step 2 – Rules (AWS Managed Rules) page, you can add additional AWS managed rules to your account to evaluate your AWS resources against the rules you have chosen. This step is optional. Click Next.
  6. On the Step 3 – Review page, review your AWS Config setup details and click Confirm:
Figure 2.21 – Set up AWS Config – Step 3 – Review

  7. On the Welcome to AWS Config screen, click on the X button at the top right to close the window and display the AWS Config console.
  8. In the AWS Console, open AWS Config. You can open AWS Config in two ways. First, you can type AWS Config in a search bar. Second, you can click on Services in the top-left corner and, under Security, Identity & Compliance, select Security Hub.
  9. AWS Security Hub – Get started with Security Hub will appear if you have never run AWS Security Hub before. If you have not run AWS Security Hub before, click on Go to Security Hub. Otherwise, skip to Step 10.
  10. The Welcome to AWS Security Hub page will open. Examine the Security Standards section. Select the checkboxes next to all the security standards and click Enable Security Hub. Once you've enabled Security Hub, it can take up to 2 hours to see the results from security checks in AWS Security Hub.
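
To confirm that the settings chosen in this recipe are actually in place before onboarding the account, the following added example (not code from the book) checks JSON output captured from aws configservice describe-configuration-recorders, describe-configuration-recorder-status, describe-delivery-channels and aws securityhub get-enabled-standards. The function name onboarding_gaps and all sample values (account ID, bucket name, standard ARN) are assumptions constructed for illustration.

```python
"""Added example: audit AWS Config and Security Hub state after this recipe."""

SLR_SUFFIX = "/aws-service-role/config.amazonaws.com/AWSServiceRoleForConfig"

def onboarding_gaps(recorders, status, channels, standards):
    """Return findings; an empty list means the recipe's settings are in place."""
    gaps = []
    recs = recorders.get("ConfigurationRecorders", [])
    if not recs:
        gaps.append("no configuration recorder in this region")
    recording = {s["name"]: s.get("recording", False)
                 for s in status.get("ConfigurationRecordersStatus", [])}
    for rec in recs:
        name = rec["name"]
        # Step 3: "Record all resources supported in this region"
        if not rec.get("recordingGroup", {}).get("allSupported", False):
            gaps.append(f"recorder {name}: not recording all supported resources")
        # Step 3: "Create AWS Config service-linked role"
        if not rec.get("roleARN", "").endswith(SLR_SUFFIX):
            gaps.append(f"recorder {name}: not using the service-linked role")
        if not recording.get(name, False):
            gaps.append(f"recorder {name}: recording is stopped")
    # Step 4: delivery to an S3 bucket
    if not any(c.get("s3BucketName") for c in channels.get("DeliveryChannels", [])):
        gaps.append("no delivery channel with an S3 bucket")
    # Step 10: standards enabled; PENDING is normal right after enabling
    subs = standards.get("StandardsSubscriptions", [])
    if not subs:
        gaps.append("Security Hub: no security standards enabled")
    for sub in subs:
        if sub.get("StandardsStatus") != "READY":
            gaps.append(f"Security Hub: {sub.get('StandardsArn')} is {sub.get('StandardsStatus')}")
    return gaps

# Constructed sample responses; account ID, bucket and standard ARN are placeholders.
ROLE = "arn:aws:iam::111122223333:role" + SLR_SUFFIX
GOOD = dict(
    recorders={"ConfigurationRecorders": [
        {"name": "default", "roleARN": ROLE, "recordingGroup": {"allSupported": True}}]},
    status={"ConfigurationRecordersStatus": [{"name": "default", "recording": True}]},
    channels={"DeliveryChannels": [{"name": "default", "s3BucketName": "example-bucket"}]},
    standards={"StandardsSubscriptions": [
        {"StandardsArn": "arn:aws:securityhub:::example-standard", "StandardsStatus": "READY"}]},
)
STOPPED = dict(GOOD, standards={"StandardsSubscriptions": []},
               status={"ConfigurationRecordersStatus": [{"name": "default", "recording": False}]})

if __name__ == "__main__":
    print(onboarding_gaps(**GOOD), onboarding_gaps(**STOPPED))
```

AWS Config is configured per region, so run the check against output captured from each region you set up.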

How it works…

Amazon Web Services Config enables you to view the configuration of your AWS resources in detail, track the configuration of resources, retrieve historical configuration data, receive notifications about resource life cycle-related events, view relationships between resources, and more. Amazon Web Services Security Hub is a security center for AWS resources. It collects security-related data from AWS resources from supported AWS Partner Network security solutions, as well as supported AWS services such as Amazon Macie, Amazon GuardDuty, and Amazon Inspector. AWS Security Hub and Microsoft Defender for Cloud will use AWS Config data for the inventory and security statuses of AWS resources.