Stopping cross-Region aggregation
Stop cross-Region aggregation if you no longer want to aggregate data or if you want to change the aggregation Region.
When you stop cross-Region aggregation, Security Hub stops aggregating data. It does not remove any existing aggregated data from the aggregation Region.
Stopping cross-Region aggregation (console)
You must stop cross-Region aggregation from the current aggregation Region.
In Regions other than the aggregation Region, the Finding aggregation panel displays a message that you must edit the configuration in the aggregation Region. Choose this message to display a link to switch to the aggregation Region.
To stop cross-Region aggregation
Open the Amazon Security Hub console at https://console.amazonaws.cn/securityhub/
. -
Change to the current aggregation Region.
-
In the Security Hub navigation menu, choose Settings, then choose Regions.
-
Under Finding aggregation, choose Edit.
-
Under Aggregation Region, choose No aggregation Region.
-
Choose Save.
-
On the confirmation dialog, in the confirmation field, type
Confirm. -
Choose Confirm.
Stopping cross-Region aggregation (Security Hub API, Amazon CLI)
You can use the Security Hub API to stop cross-Region aggregation. You must stop cross-Region aggregation from the aggregation Region.
To stop cross-Region aggregation (Security Hub API, Amazon CLI)
-
Security Hub API: Use the
DeleteFindingAggregatoroperation. To identify the finding aggregator to delete, you provide the finding aggregator ARN. To obtain the finding aggregator ARN, useListFindingAggregators. -
Amazon CLI: At the command line, run the
delete-finding-aggregatorcommand.aws securityhub delete-finding-aggregator<finding aggregator ARN>--region<aggregation Region>