Bug on script EC-Enable-SecurityHub-Controls-All-Regions.sh - CIS AWS Foundations Benchmark v1.2.0 control 1.14 is not disabled on all regions
silavjy opened this issue · 0 comments
The CIS AWS Foundations Benchmark v1.2.0 control
-1.14 Ensure hardware MFA is enabled for the root user
is not disabled on all regions (only on eu-west-1).
Problem has been identified
The following lines:
```bash
# Disable "ControlId": "CIS1.14", "1.14 Ensure hardware MFA is enabled for the \"root\" account"
aws --profile $PROFILE --region $region securityhub update-standards-control \
    --standards-control-arn "arn:aws:securityhub:$region:$accountid:control/cis-aws-foundations-benchmark/v/1.2.0/1.14" \
    --control-status "DISABLED" \
    --disabled-reason "Managed by Cloud Broker Team"
echo "CIS Check $cischeck update for cis-aws-foundations-benchmark in region $region: exit code $?"
```
need to be added to the section that executes on all regions
```bash
for region in $(aws --profile $PROFILE ec2 describe-regions --output text --query "Regions[?( RegionName!='eu-west-1')].[RegionName]"); do
```
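
A read-only check for the gap described in this issue, as an added example that is not part of the issue or of the project's script: it lists every region where control 1.14 is not `DISABLED`. The function names are hypothetical, and `PROFILE` and `accountid` are assumed to be set as in the lines quoted above.

```shell
#!/bin/sh
# Added example (not from the project's script): audit CIS v1.2.0 control 1.14
# per region. Read-only; assumes PROFILE and accountid are set by the caller.

# Control ARN, in the form used by the update-standards-control call above.
control_arn() {  # $1 = region, $2 = account id
  printf 'arn:aws:securityhub:%s:%s:control/cis-aws-foundations-benchmark/v/1.2.0/1.14' "$1" "$2"
}

# ARN of the CIS v1.2.0 standard subscription that owns the control.
subscription_arn() {  # $1 = region, $2 = account id
  printf 'arn:aws:securityhub:%s:%s:subscription/cis-aws-foundations-benchmark/v/1.2.0' "$1" "$2"
}

# Print the ControlStatus of 1.14 in one region, or UNKNOWN when the call
# fails or returns nothing (for example, Security Hub not enabled there).
control_status() {  # $1 = region, $2 = account id
  cs_out=$(aws --profile "$PROFILE" --region "$1" securityhub describe-standards-controls \
    --standards-subscription-arn "$(subscription_arn "$1" "$2")" \
    --query "Controls[?StandardsControlArn=='$(control_arn "$1" "$2")'].ControlStatus" \
    --output text 2>/dev/null) || cs_out=""
  printf '%s\n' "${cs_out:-UNKNOWN}"
}

# Print "region<TAB>status" for each region where 1.14 is not DISABLED.
# Returns 1 if any such region exists, 0 otherwise.
audit_regions() {  # $1 = account id, remaining args = regions
  ar_account=$1; shift
  ar_rc=0
  for ar_region in "$@"; do
    ar_status=$(control_status "$ar_region" "$ar_account")
    if [ "$ar_status" != "DISABLED" ]; then
      printf '%s\t%s\n' "$ar_region" "$ar_status"
      ar_rc=1
    fi
  done
  return "$ar_rc"
}

# Run against all regions only when the caller has provided both settings.
if [ -n "${PROFILE:-}" ] && [ -n "${accountid:-}" ]; then
  # Word splitting of the region list is intended here.
  audit_regions "$accountid" $(aws --profile "$PROFILE" ec2 describe-regions \
    --output text --query "Regions[].RegionName")
fi
```

A non-zero exit status means at least one region still has the control enabled or could not be queried.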