
Attaching the delegation policy statement for Security Hub

From the organization management account, you must copy the delegation policy statement for Security Hub and attach it to your delegated administrator for Amazon Organizations policy, so that the delegated administrator for Security Hub can perform actions in Security Hub. Without this policy statement, the delegated administrator cannot configure Security Hub for your organization. You can copy the policy statement from the General page in the Security Hub console. When you do this, you're directed to the Settings page in the Amazon Organizations console, where you can edit your delegated administrator for Amazon Organizations policy. This topic describes how to copy the policy statement in Security Hub. For information about how to update the delegated administrator for Amazon Organizations policy, see Update a resource-based delegation policy with Amazon Organizations in the Amazon Organizations User Guide.

To attach the delegation policy statement for Security Hub
  1. Sign in to your Amazon account with your organization management account credentials, and open the Security Hub console at https://console.amazonaws.cn/securityhub/v2/home.

  2. From the navigation pane, choose General.

  3. In Delegation policy statement for Security Hub, choose Copy and attach. You're directed to the Settings page in Amazon Organizations where you can edit your delegated administrator for Amazon Organizations policy to include the delegation policy statement. If you want to view the policy statement before you copy it, choose Policy details.

Note

If you set a delegated administrator, the delegated administrator can create and apply a policy that allows it to enable and disable member accounts. The procedure in the following topic describes how to set this policy.