in src/securityhub_enabler.py [0:0]
def enable_admin(admin_session, securityhub_regions, partition):
admin_account = os.environ['sh_admin_account']
for region in securityhub_regions:
sh_admin_client = admin_session.client(
'securityhub',
endpoint_url=f"https://securityhub.{region}.amazonaws.com",
region_name=region
)
# Ensure SecurityHub is Enabled in the Admin Account
try:
sh_admin_client.get_findings()
except Exception as e:
LOGGER.info(f"SecurityHub not currently Enabled on Admin Account "
f"{admin_account} in {region}. Enabling it.")
try:
sh_admin_client.enable_security_hub(
EnableDefaultStandards=False
)
except:
LOGGER.error(f"Failed to enable SecurityHub in {region} or {admin_account}")
else:
LOGGER.info(f"SecurityHub already Enabled in Admin Account "
f"{admin_account} in {region}")
# Enable Security Standards
process_security_standards(sh_admin_client, partition, region,
admin_account)
return