The following blog post provides an overview of the ACAI reference architecture for an AWS Landing Zone.
To maintain your individual AWS Security Hub baseline, it is recommended to tailor your Security Hub Controls and to individually process the generated findings.
AWS has released its official Prescriptive Guidance on AWS Cloud Security Maturity. This post outlines a real-life architecture based on Terraform.
This post explains, why we are in favor of using Amazon EventBridge Rules for monitoring the recommended CIS AWS Monitoring controls.