This cdk package installs a Lambda function, with an associated IAM role, and subscribes the Lambda function to Control Tower aggregate security notifications. In the event of a Control Tower rule violation (e.g. publicly accessible S3 bucket), the Lambda sends a notification to a web hook. - View it on GitHub