Remediate example findings - Automated Security Response on AWS

Remediate example findings

Important

This example requires the use of the Security Hub CSPM console. The Security Hub (non-CSPM) console does not currently support manual remediations via custom action. To remediate findings without using the Security Hub CSPM console, see the Remediate using the Web UI section.

In the admin account, navigate to the Security Hub CSPM console and locate the finding for the resource with an insecure configuration that you created as part of this tutorial.

This can be done in several ways:

  1. In partitions which support the consolidated control findings feature, a page labeled "Controls" allows you to locate the finding by the consolidated control ID.

  2. In the "Security standards" page, you can locate the control according to which standard it belongs to.

  3. You can view all findings on the "Findings" page and search by attribute.

The consolidated control ID for the public Lambda function we created is Lambda.1.

Initiate the remediation

Select the checkbox to the left of the finding related to the resource we created. In the "Actions" drop-down menu, select "Remediate with ASR". You will see a notification that the finding was sent to Amazon EventBridge.

| Account | Purpose | Action in us-east-1 | Action in us-west-2 |
|---|---|---|---|
| 111111111111 | Admin | Initiate the remediation | None |
| 222222222222 | Member | None | None |

Confirm that the remediation resolved the finding

You should receive two SNS notifications. The first will indicate that a remediation has been initiated, and the second will indicate that the remediation succeeded. After receiving the second notification, navigate to the Lambda console in the member account and confirm that the public access has been revoked.

| Account | Purpose | Action in us-east-1 | Action in us-west-2 |
|---|---|---|---|
| 111111111111 | Admin | None | None |
| 222222222222 | Member | None | Confirm that the remediation succeeded |
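
To confirm the result outside the console, the following added example (not part of this guide or of the ASR solution's own code) checks a Lambda resource policy, in the shape returned by `aws lambda get-policy`, for Allow statements open to any principal. The function name, ARN, statement IDs and both sample policies are constructed, and treating any Condition block as a restriction is a simplifying assumption rather than the exact Lambda.1 evaluation logic.

```python
import json


def public_statements(get_policy_response):
    """Return identifiers of Allow statements open to any principal with no Condition."""
    # get-policy returns the resource policy as a JSON string under "Policy".
    policy = json.loads(get_policy_response["Policy"])
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may not be wrapped in a list
        statements = [statements]
    flagged = []
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        # Principal is either the string "*" or a map such as {"AWS": ...}.
        values = principal.values() if isinstance(principal, dict) else [principal]
        wildcard = any(v == "*" or (isinstance(v, list) and "*" in v) for v in values)
        # Assumption: any Condition block counts as a restriction on the grant.
        if wildcard and not stmt.get("Condition"):
            flagged.append(stmt.get("Sid", f"statement-{index}"))
    return flagged


def sample_response(statements):
    """Build a constructed get-policy style response for offline testing."""
    return {"Policy": json.dumps({"Version": "2012-10-17", "Statement": statements})}


# Constructed sample data: hypothetical function in the tutorial's member account.
ARN = "arn:aws:lambda:us-west-2:222222222222:function:example-function"
BEFORE = sample_response([
    {"Sid": "PublicInvoke", "Effect": "Allow", "Principal": "*",
     "Action": "lambda:InvokeFunction", "Resource": ARN},
])
AFTER = sample_response([
    {"Sid": "AccountInvoke", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::222222222222:root"},
     "Action": "lambda:InvokeFunction", "Resource": ARN},
])

if __name__ == "__main__":
    print("before remediation:", public_statements(BEFORE))
    print("after remediation: ", public_statements(AFTER))
```

If the remediation leaves the function with no resource policy at all, `aws lambda get-policy` returns a `ResourceNotFoundException` instead of a policy document, which also indicates that no public grant remains.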