From 9b32d9e23564af2537010c44748473c80a21d266 Mon Sep 17 00:00:00 2001
From: Joni Harker <506966+ConsoleCatzirl@users.noreply.github.com>
Date: Tue, 4 Feb 2025 16:35:51 -0800
Subject: [PATCH] [IT-4151] Ignore CIS 2.2.1 finding in image-central (#1328)
* [IT-4151] Ignore CIS 2.2.1 finding in image-central
Ignore "CIS 2.2.1 Ensure EBS volume encryption is enabled" in the image-central account, we don't want it enabled by default.
---
 .../security-hub-suppress-infra.yaml | 32 +++++++++++++++++++
 1 file changed, 32 insertions(+)
diff --git a/org-formation/075-security-hub/security-hub-suppress-infra.yaml b/org-formation/075-security-hub/security-hub-suppress-infra.yaml
index cd2026dc..46d2fc3e 100644
--- a/org-formation/075-security-hub/security-hub-suppress-infra.yaml
+++ b/org-formation/075-security-hub/security-hub-suppress-infra.yaml
@@ -464,3 +464,35 @@ Resources:
 - SecurityHubFindingsQueue
 - Arn
 Id: Target0
+
+ # This rule suppresses findings in org-sagebase-imagecentral for EBS encryption since the volumes
+ # in this account are used for creating public AMIs
+ SuppressFindingsForPublicImagesRule:
+ Type: AWS::Events::Rule
+ Properties:
+ Description: SecHubSuppress findings for EBS encryption
+ EventPattern:
+ detail:
+ findings:
+ Resources:
+ Id:
+ # image-central
+ - 'AWS::::Account:867686887310'
+ GeneratorId:
+ # EBS encryption enabled by default
+ - 'cis-aws-foundations-benchmark/v/1.4.0/2.2.1'
+ Workflow:
+ Status:
+ - NEW
+ - NOTIFIED
+ detail-type:
+ - Security Hub Findings - Imported
+ source:
+ - aws.securityhub
+ State: ENABLED
+ Targets:
+ - Arn:
+ Fn::GetAtt:
+ - SecurityHubFindingsQueue
+ - Arn
+ Id: Target0
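Review bot: The GeneratorId match in SuppressFindingsForPublicImagesRule is pinned to `cis-aws-foundations-benchmark/v/1.4.0/2.2.1`, so the same control reported under a different standard version or under consolidated control findings (where the GeneratorId takes the form `security-control/EC2.7`) would still reach the queue unsuppressed; if that matters for this account, add the consolidated id as a second entry under `GeneratorId:`. The rationale comment is also slightly imprecise: CIS 2.2.1 checks the account-level EBS default-encryption setting rather than individual volumes, so `# EBS encryption-by-default is intentionally left off in org-sagebase-imagecentral because its volumes build public AMIs (IT-4151)` states the decision more accurately. Both points rest on the control's mapping across standards and should be confirmed against the findings actually observed in the account.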