In this blog post, I'll be detailing how to set up automated Slack notifications for any new AWS Security Hub findings, using the AWS CDK in TypeScript.
We'll create a single 'securityHubNotificationsStack' that deploys all the infrastructure we need.
At a high level, here's what we'll build:
- An EventBridge rule that triggers for any Security Hub findings
- An SQS Queue that consumes the events triggered by the rule
- A Lambda Function that processes messages from the queue and sends the notifications to Slack via a Slack incoming webhook
- A dead letter queue (DLQ) to store any messages in our queue that fail processing
- A CloudWatch alarm to notify us of any failed messages
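The Lambda consumer from that list, as an added example rather than code from the original post: it reads Security Hub finding events delivered through SQS, posts one Slack message per finding, and reports records that fail as `batchItemFailures` so only those return to the queue (and, after `maxReceiveCount`, land in the DLQ). It assumes Node 18+ for the global `fetch`, a `SLACK_WEBHOOK_URL` environment variable, and an SQS event source mapping with `ReportBatchItemFailures` enabled; the sample event at the bottom is constructed.

```typescript
// Added example, not code from the original post: a dependency-free handler for the Lambda consumer
// above. It turns each ASFF finding in a "Security Hub Findings - Imported" event (delivered via SQS)
// into a Slack webhook payload and reports failed records via batchItemFailures. Assumes Node 18+
// (global fetch), SLACK_WEBHOOK_URL set, and an event source mapping with ReportBatchItemFailures.
interface Finding {
  Id: string; Title: string; AwsAccountId: string; Region: string;
  Severity: { Label: string }; Resources?: { Type: string; Id: string }[];
}
interface SqsRecord { messageId: string; body: string }
export type Sender = (url: string, payload: object) => Promise<void>;
// One Slack message per finding: a one-line fallback text plus Block Kit sections.
export function buildSlackMessage(f: Finding): { text: string; blocks: object[] } {
  const resources = (f.Resources ?? []).map(r => `${r.Type}: ${r.Id}`).join("\n") || "n/a";
  const text = `[${f.Severity.Label}] ${f.Title} (${f.AwsAccountId}/${f.Region})`;
  return { text, blocks: [
    { type: "header", text: { type: "plain_text", text: `Security Hub: ${f.Severity.Label}` } },
    { type: "section", text: { type: "mrkdwn", text: `*${f.Title}*\nFinding: ${f.Id}` } },
    { type: "section", fields: [
      { type: "mrkdwn", text: `*Account:* ${f.AwsAccountId}` },
      { type: "mrkdwn", text: `*Region:* ${f.Region}` },
      { type: "mrkdwn", text: `*Resources:*\n${resources}` },
    ] },
  ] };
}
// Default sender: POST the payload to the Slack incoming webhook; a non-2xx response throws.
const postToSlack: Sender = async (url, payload) => {
  const res = await (globalThis as any).fetch(url, { method: "POST", body: JSON.stringify(payload) });
  if (!res.ok) throw new Error(`Slack webhook returned HTTP ${res.status}`);
};
// SQS batch handler: a failed record (bad JSON, wrong event type, webhook error) is reported for retry.
export async function handler(event: { Records: SqsRecord[] }, send: Sender = postToSlack) {
  const url = process.env.SLACK_WEBHOOK_URL ?? "";
  const batchItemFailures: { itemIdentifier: string }[] = [];
  for (const record of event.Records) {
    try {
      const ev = JSON.parse(record.body);
      if (ev["detail-type"] !== "Security Hub Findings - Imported") throw new Error("not a finding event");
      for (const f of ev.detail.findings as Finding[]) await send(url, buildSlackMessage(f));
    } catch { batchItemFailures.push({ itemIdentifier: record.messageId }); }
  }
  return { batchItemFailures };
}
// Constructed sample input: one well-formed record and one malformed record (ends up in the DLQ).
export const sampleEvent = { Records: [
  { messageId: "m1", body: JSON.stringify({ "detail-type": "Security Hub Findings - Imported",
    detail: { findings: [{ Id: "example-finding-id", Title: "S3 bucket allows public read",
      AwsAccountId: "111111111111", Region: "eu-west-1", Severity: { Label: "HIGH" },
      Resources: [{ Type: "AwsS3Bucket", Id: "arn:aws:s3:::example-bucket" }] }] } }) },
  { messageId: "m2", body: "not json" },
] };
```

Because the malformed record is the only one reported back, the well-formed one is deleted from the queue even though its batch-mate failed; without `ReportBatchItemFailures` the whole batch would be retried.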