Solution fails [StepFunctions.1] Security Hub control

[steve-g-nz]

The template as currently provided fails the StepFunction.1 Security Hub control

Please update the custom-control-tower-initiation.template to include the following:

• a CloudWatch log group resource
• execution role updated to include relevant logs IAM policies
• LoggingConfiguration property added to the two StepFunction StateMachine resources

Additional context
StepFunctions.1

[snebhu3]

@steve-g-nz thank you for reaching out.
Please may you provide more context on:

• What you are trying to do and what is the issue you are facing.
• Steps to reproduce the issue you are facing

[steve-g-nz]

@snebhu3 the template as documented deploys step functions that fail the Security Hub control StepFunctions.1 which is part of the AWS Foundational Security Best Practices v1.0.0 standard
To prevent the control from failing the template would need to include logging for the state machines which would require the addition of a Cloudwatch log group and adding the relevant IAM permissions to the execution role

[snebhu3]

Thank you for the additional context.
I have created an internal backlog to address this.