AWS Security Hub is an analysis service that gives a clearer picture of the security state of your infrastructure. Through native AWS and third-party vendor integrations, it provides a single view of security findings while giving you actionable insight.
Security Hub uses the AWS Foundational Security Best Practices standard, the CIS AWS Foundations Benchmark, and PCI DSS compliance checks to validate your infrastructure security. Using these standards removes the burden of writing and managing rules yourself, but it still carries the overhead of enabling AWS Config in every account and region and reporting findings back to the management account. Despite those downsides, it can be a powerful tool for improving your security posture.
All of the resources described in the AWS Config section are still required. In place of individual Config rules, we use two conformance packs, aws-foundational-security-best-practices and cis-aws-foundations-benchmark. Each conformance pack translates the individual benchmark controls into Config rules. It is worth noting that the overall cost of these checks adds up quickly as the number of regions and accounts grows, because every control is evaluated in every enabled account and region.
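To make the per-account, per-region overhead concrete, the following is an added example (not code from the original post) that plans the enablement of Security Hub and the two standards named above across a set of accounts and regions, and shows how the number of rule evaluations scales. The standard ARNs are the real Security Hub identifiers for AWS Foundational Security Best Practices v1.0.0 and CIS AWS Foundations Benchmark v1.2.0; the account IDs, region list, and control count used in the example are constructed placeholders. The apply_step function uses the real boto3 calls but assumes you pass it a boto3 session already scoped (for instance via an assumed role) to the target account; boto3 is imported optionally so the planning and fan-out calculations run offline.

```python
"""Plan, and optionally apply, Security Hub standard enablement across accounts and regions.

Added example for illustration; not the original post's code.
"""
from dataclasses import dataclass

try:
    import boto3  # only needed for apply_step(); absent when run offline
except ImportError:  # pragma: no cover
    boto3 = None

# Real Security Hub standard ARNs. The foundational standard is regional; CIS v1.2.0 is global.
FOUNDATIONAL_ARN = "arn:aws:securityhub:{region}::standards/aws-foundational-security-best-practices/v/1.0.0"
CIS_1_2_ARN = "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0"


def standards_arns(region: str) -> list:
    """ARNs of the two standards to enable in a given region."""
    return [FOUNDATIONAL_ARN.format(region=region), CIS_1_2_ARN]


@dataclass
class EnablementStep:
    """One Security Hub enablement action: a single account in a single region."""
    account_id: str
    region: str
    standards: list


def plan(accounts: list, regions: list) -> list:
    """Security Hub is regional, so every account/region pair needs its own enablement."""
    return [EnablementStep(acct, region, standards_arns(region))
            for acct in accounts for region in regions]


def evaluation_fan_out(n_accounts: int, n_regions: int, n_controls: int) -> int:
    """Config rule evaluations per evaluation cycle: each control runs in every account and region.

    This is the multiplier behind the cost note above: adding a region or an account adds
    n_controls evaluations, not one.
    """
    return n_accounts * n_regions * n_controls


def apply_step(step: EnablementStep, session) -> list:
    """Enable Security Hub and the standards for one step.

    `session` is assumed (hypothetical caller responsibility) to be a boto3.Session already
    scoped to step.account_id. Returns the list of standard ARNs submitted for subscription.
    """
    if boto3 is None:
        raise RuntimeError("boto3 is required to apply changes")

    # Standards checks are backed by AWS Config; refuse to proceed if no recorder exists,
    # otherwise every control would simply report no data.
    config = session.client("config", region_name=step.region)
    recorders = config.describe_configuration_recorders().get("ConfigurationRecorders", [])
    if not recorders:
        raise RuntimeError(
            f"No AWS Config recorder in {step.account_id}/{step.region}; "
            "enable Config before enabling Security Hub standards"
        )

    hub = session.client("securityhub", region_name=step.region)
    try:
        # Disable default standards so only the ones we choose are subscribed.
        hub.enable_security_hub(EnableDefaultStandards=False)
    except hub.exceptions.ResourceConflictException:
        pass  # already enabled in this account/region; idempotent re-run
    hub.batch_enable_standards(
        StandardsSubscriptionRequests=[{"StandardsArn": arn} for arn in step.standards]
    )
    return list(step.standards)


if __name__ == "__main__":
    # Constructed placeholder account IDs and regions.
    steps = plan(["111111111111", "222222222222"], ["us-east-1", "eu-west-1"])
    for s in steps:
        print(f"{s.account_id} {s.region}: {len(s.standards)} standards")
    # Constructed control count to illustrate the multiplier.
    print("evaluations per cycle:", evaluation_fan_out(2, 2, 150))
```

Running the script offline prints the planned steps and the evaluation multiplier; pass each step together with a session scoped to that account to apply_step to perform the enablement, and keep the Config recorder check in place so a missing recorder is caught before standards are subscribed.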