June 27, 2025

OpenSecOps Newsletter #6

The Problem

Setting up AWS security services across an organisation is time-consuming, repetitive, and error-prone. Infrastructure engineers face several challenges:

- Time-consuming setup: Each service requires multiple console clicks across regions and accounts
- Repetitive delegation: Every service needs manual delegation from the AWS Organization admin account to the OpenSecOps security administration account
- Inconsistent procedures: Each service has subtly different configuration steps and requirements
- Error-prone process: Manual steps lead to misconfigurations and security gaps
- Difficult to disable: Reversing the setup is equally laborious with different procedures per service

Infrastructure engineers typically spend hours or days manually enabling GuardDuty, Detective, Inspector, IAM Access Analyzer, Security Hub, and AWS Config across multiple regions, then configuring proper delegation and organization-wide policies.

The Solution

OpenSecOps Foundation-security-services-setup eliminates the configuration complexity by providing a single, automated interface for all AWS security services.

New Component: Foundation-security-services-setup

PRE-RELEASE VERSION: This version, v0.1.1, provides comprehensive discovery and analysis of AWS security services. It does not yet create, delete, or modify AWS resources, but it gives you a diagnosis as well as actionable points. Full automation capabilities, automatically acting on these points, are coming in v1.0.0.

What it does:
- Automates AWS security service configuration across GuardDuty, Security Hub, Detective, Inspector, IAM Access Analyzer, and AWS Config
- Handles complex delegation patterns from organization management account to security administration account
- Provides intelligent recommendations with detailed analysis of current configurations
- Works standalone or integrated with the OpenSecOps Installer
- Completely safe operation - never overwrites existing configurations, backs off gracefully when services are already configured

Key Features:
- Simple Yes/No configuration - Enable exactly the services you need
- Comprehensive dry-run mode - Preview all changes before applying them
- Multi-region support - Configure services across all your active regions simultaneously
- Idempotent operation - Safe to run multiple times with consistent results
- Organization-wide coverage - Handles delegation and auto-enablement across all accounts

Before vs After:

Before (Manual Process):

1. Log into org management account console
2. Navigate to GuardDuty → Enable in us-east-1 → Delegate to security account
3. Repeat step 2 for us-west-2, eu-west-1...
4. Log into security account → Accept delegations in each region
5. Configure auto-enable for new accounts in each region
6. Navigate to Security Hub → Enable → Delegate...
7. Repeat for Detective, Inspector, Access Analyzer, Config...
[Hours of repetitive console clicking]

After (Automated):

cd Foundation-security-services-setup
./deploy --verbose

# ✅ All services configured in minutes

Getting Started: See the [Foundation-security-services-setup README](https://github.com/OpenSecOps-Org/Foundation-security-services-setup/blob/main/README.md) for complete installation and configuration details. NB: The utility can also be run stand-alone, without the Installer or OpenSecOps.
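As an added illustration of the read-only "diagnosis" mode described above (this is example code, not Foundation-security-services-setup's own implementation), the block below checks which of the six services are delegated to the security administration account and which still need action. The delegation map format, the account IDs and the `org_client` argument (assumed to be a boto3 Organizations client created with management-account credentials) are assumptions of the example.

```python
# Added example, not code from Foundation-security-services-setup: a read-only
# "diagnosis" in the spirit of the v0.1.1 dry run, built over the delegation
# map a management-account caller gets from organizations:ListDelegatedAdministrators
# and ListDelegatedServicesForAccount. All account IDs are constructed.

# Organizations service principals for delegated administration of the six services.
SERVICE_PRINCIPALS = {
    "GuardDuty": "guardduty.amazonaws.com",
    "Security Hub": "securityhub.amazonaws.com",
    "Detective": "detective.amazonaws.com",
    "Inspector": "inspector2.amazonaws.com",
    "IAM Access Analyzer": "access-analyzer.amazonaws.com",
    "AWS Config": "config.amazonaws.com",
}

# Constructed sample: two services delegated to the security account (2222...),
# Security Hub delegated elsewhere, the remaining three not delegated at all.
SAMPLE_DELEGATIONS = {
    "guardduty.amazonaws.com": ["222222222222"],
    "detective.amazonaws.com": ["222222222222"],
    "securityhub.amazonaws.com": ["111111111111"],
}


def diagnose_delegation(delegations, security_account_id):
    """Return {service: (status, action)} without modifying any AWS resource."""
    report = {}
    for service, principal in SERVICE_PRINCIPALS.items():
        admins = delegations.get(principal, [])
        if security_account_id in admins:
            report[service] = ("OK", "delegated to the security account")
        elif admins:  # never overwrite an existing delegation: back off and flag it
            report[service] = ("CONFLICT", f"delegated to {', '.join(admins)}; review before changing")
        else:
            report[service] = ("MISSING", f"register {security_account_id} as delegated admin for {principal}")
    return report


def collect_delegations(org_client):
    """Build the delegation map with a boto3 Organizations client (management account)."""
    delegations, token = {}, None
    while True:
        page = org_client.list_delegated_administrators(**({"NextToken": token} if token else {}))
        for admin in page["DelegatedAdministrators"]:
            svcs = org_client.list_delegated_services_for_account(AccountId=admin["Id"])
            for svc in svcs["DelegatedServices"]:
                delegations.setdefault(svc["ServicePrincipal"], []).append(admin["Id"])
        token = page.get("NextToken")
        if not token:
            return delegations
```

Run `diagnose_delegation(SAMPLE_DELEGATIONS, "222222222222")` offline to see the three statuses; with real credentials, feed `collect_delegations(boto3.client("organizations"))` in instead.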


Additional Improvements

Enhanced SOAR Operations (v2.3.0)

CloudWatch Alarm Context Enrichment: SOAR now provides enhanced AI incident analysis with enriched CloudWatch alarm data and execution context for Step Functions and Lambda incidents. This gives operations teams much more actionable information when infrastructure components experience issues.

Improved Error Resilience: The AI operation error handler now catches States.ALL instead of only States.Timeout, improving resilience to Bedrock timeouts and ensuring AI analysis continues even when services fail in other ways.

Refined Installation Experience (v2.5.1)

Installer Improvements: Fixed script execution to properly pass --verbose flag to component scripts when using verbose mode, ensuring consistent debugging output across all Foundation components during deployment.

Consolidated Security Monitoring (v1.2.6)

SOAR-all-alarms-to-sec-hub Enhancements: Multiple refinements to CloudWatch alarm forwarding to Security Hub, improving the reliability and completeness of security event consolidation across your AWS environment.

Enhanced Documentation (v1.2.0)

Comprehensive updates to installation guides, component documentation, and troubleshooting resources to support the growing OpenSecOps ecosystem.


Foundation-security-services-setup is ready for immediate use - simply follow the README instructions for standalone usage or integrate with your existing OpenSecOps Installer configuration.

All other improvements are automatically active for existing SOAR installations through normal update processes.


This release represents a significant step forward in automating AWS security service configuration, eliminating hours of manual work while ensuring consistent, organization-wide security posture management.
