I have this outcome of the initial execution of aws-nuke
aws-nuke version 2.23.0 - 2023-06-20 - 58e46275b36028007cc3f50334aa74d6e3e7990a
Do you really want to nuke the account with the ID 072882739882 and the alias 'sbx-engineering'?
Waiting 1s before continuing.
eu-central-1 - EC2VPC - vpc-01ab21542c23436bd - [ID: "vpc-01ab21542c23436bd", IsDefault: "false", OwnerID: "072882739882", tag:Name: "evaplatform-vpc", tag:account: "072882739882", tag:created-by: "terraform", tag:environment: "global", tag:project: "platform", tag:region: "eu-central-1", tag:stack_name: "vpc"] - filtered by config
eu-central-1 - CloudWatchEventsRule - Rule: aws-controltower-ConfigComplianceChangeEventRule - filtered by config
eu-central-1 - CloudWatchEventsRule - Rule: nonprod-cwlogs-delivery-euce1-lambda-event-rule - filtered by config
eu-central-1 - AthenaWorkGroup - primary - [ARN: "arn:aws:athena:eu-central-1:072882739882:workgroup/primary", Name: "primary"] - cannot delete primary athena work group
eu-central-1 - EC2InternetGatewayAttachment - igw-0bcb59f51be0bf3f5 -> vpc-01ab21542c23436bd - [DefaultVPC: "false", tag:igw:Name: "evaplatform-vpc", tag:igw:account: "072882739882", tag:igw:created-by: "terraform", tag:igw:environment: "global", tag:igw:project: "platform", tag:igw:region: "eu-central-1", tag:igw:stack_name: "vpc", tag:vpc:Name: "evaplatform-vpc", tag:vpc:account: "072882739882", tag:vpc:created-by: "terraform", tag:vpc:environment: "global", tag:vpc:project: "platform", tag:vpc:region: "eu-central-1", tag:vpc:stack_name: "vpc"] - filtered by config
eu-central-1 - SecurityHub - [Arn: "arn:aws:securityhub:eu-central-1:072882739882:hub/default"] - would remove
eu-central-1 - OpsWorksUserProfile - arn:aws:sts::072882739882:assumed-role/AWSReservedSSO_AdministratorAccess_4c7e60a81c403a90/[email protected] - Cannot delete OpsWorksUserProfile of calling User
eu-central-1 - EC2NATGateway - nat-054680e6c063722eb - [tag:Name: "evaplatform-vpc-eu-central-1a", tag:account: "072882739882", tag:created-by: "terraform", tag:environment: "global", tag:project: "platform", tag:region: "eu-central-1", tag:stack_name: "vpc"] - filtered by config
eu-central-1 - CloudTrailTrail - aws-controltower-BaselineCloudTrail - [Name: "aws-controltower-BaselineCloudTrail"] - filtered by config
I manage with the output filter almost all the resources, this resources must stay, but now I need to filter the securityhub
eu-central-1 - SecurityHub - [Arn: "arn:aws:securityhub:eu-central-1:072882739123:hub/default"] - would remove
How can I filter the security hub?? what changes shall I make?