Security Hub Regional limits - Amazon Security Hub
Cross-Region aggregation restrictionsAvailability of integrations by RegionAvailability of standards by RegionAvailability of controls by Region
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Security Hub Regional limits

Some Amazon Security Hub features are available in only certain Amazon Web Services Regions. The following sections specify these Regional limits. For a complete list of all the Regions where Security Hub is currently available, see Amazon Security Hub endpoints and quotas in the Amazon Web Services General Reference.

Cross-Region aggregation restrictions

In Amazon GovCloud (US) Regions, cross-Region aggregation is available for findings, finding updates, and insights across Amazon GovCloud (US) Regions only. Specifically, you can only aggregate findings, finding updates, and insights between Amazon GovCloud (US-East) and Amazon GovCloud (US-West).

In the China Regions, cross-Region aggregation is available for findings, finding updates, and insights across the China Regions only. Specifically, you can only aggregate findings, finding updates, and insights between China (Beijing) and China (Ningxia).

You can't use a Region that is disabled by default as your aggregation Region. For a list of Regions that are disabled by default, see Enable or disable Amazon Web Services Regions in your account in the Amazon Account Management Reference Guide.

Availability of integrations by Region

Some integrations are not available in all Regions. If an integration is not available in a specific Region, it is not listed on the Integrations page of the Security Hub console when you choose that Region.

Integrations that are supported in the China (Beijing) and China (Ningxia) Regions

The China (Beijing) and China (Ningxia) Regions support only the following integrations with Amazon services:

  • Amazon Firewall Manager

  • Amazon GuardDuty

  • Amazon Identity and Access Management Access Analyzer

  • Amazon Inspector

  • Amazon IoT Device Defender

  • Amazon Systems Manager Explorer

  • Amazon Systems Manager OpsCenter

  • Amazon Systems Manager Patch Manager

The China (Beijing) and China (Ningxia) Regions support only the following third-party integrations:

  • Cloud Custodian

  • FireEye Helix

  • Helecloud

  • IBM QRadar

  • PagerDuty

  • Palo Alto Networks Cortex XSOAR

  • Palo Alto Networks VM-Series

  • Prowler

  • RSA Archer

  • Splunk Enterprise

  • Splunk Phantom

  • ThreatModeler

Integrations that are supported in Amazon GovCloud (US-East) and Amazon GovCloud (US-West) Regions

The Amazon GovCloud (US-East) and Amazon GovCloud (US-West) Regions support only the following integrations with Amazon services:

  • Amazon Config

  • Amazon Detective

  • Amazon Firewall Manager

  • Amazon GuardDuty

  • Amazon Health

  • IAM Access Analyzer

  • Amazon Inspector

  • Amazon IoT Device Defender

The Amazon GovCloud (US-East) and Amazon GovCloud (US-West) Regions support only the following third-party integrations:

  • Atlassian Jira Service Management

  • Atlassian Jira Service Management Cloud

  • Atlassian OpsGenie

  • Caveonix Cloud

  • Cloud Custodian

  • Cloud Storage Security Antivirus for Amazon S3

  • CrowdStrike Falcon

  • FireEye Helix

  • Forcepoint CASB

  • Forcepoint DLP

  • Forcepoint NGFW

  • Fugue

  • Kion

  • MicroFocus ArcSight

  • NETSCOUT Cyber Investigator

  • PagerDuty

  • Palo Alto Networks – Prisma Cloud Compute

  • Palo Alto Networks – Prisma Cloud Enterprise

  • Palo Alto Networks – VM-Series (available only in Amazon GovCloud (US-West))

  • Prowler

  • Rackspace Technology – Cloud Native Security

  • Rapid7 InsightConnect

  • RSA Archer

  • SecureCloudDb

  • ServiceNow ITSM

  • Slack

  • ThreatModeler

  • Vectra AI Cognito Detect

Availability of standards by Region

The Amazon Control Tower service-managed standard is available only in Regions that Amazon Control Tower supports, including Amazon GovCloud (US) Regions. For a list of Regions that Amazon Control Tower currently supports, see How Amazon Web Services Regions Work With Amazon Control Tower in the Amazon Control Tower User Guide.

The Amazon Resource Tagging standard isn't available in the Canada West (Calgary), China, and Amazon GovCloud (US) Regions.

Other security standards are available in all the Regions where Security Hub is currently available.

Availability of controls by Region

Some Security Hub controls aren't available in all Regions. For a list of controls that aren't available in each Region, see Regional limits on Security Hub controls.

On the Security Hub console, a control doesn't appear in the list of controls if it isn't available in the Region that you're currently signed in to. The exception is an aggregation Region. If you set an aggregation Region and sign in to that Region, the console shows controls that are available in the aggregation Region or one or more linked Regions.