Security Hub Regional limits - Amazon Security Hub
Cross-Region aggregation restrictionsAvailability of integrations by RegionAvailability of standards by RegionAvailability of controls by Region
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Security Hub Regional limits

Some Amazon Security Hub features are available in only certain Amazon Web Services Regions. The following sections specify these Regional limits.

For a list of Regions in which Security Hub is available, see Amazon Security Hub endpoints and quotas in the Amazon Web Services General Reference.

Cross-Region aggregation restrictions

In Amazon GovCloud (US), cross-Region aggregation is available for findings, finding updates, and insights across Amazon GovCloud (US) only. Specifically, you can only aggregate findings, finding updates, and insights between Amazon GovCloud (US-East) and Amazon GovCloud (US-West).

In the China Regions, cross-Region aggregation is available for findings, finding updates, and insights across the China Regions only. Specifically, you can only aggregate findings, finding updates, and insights between China (Beijing) and China (Ningxia).

You can't use a Region that is disabled by default as your aggregation Region. For a list of Regions that are disabled by default, see Enabling a Region in the Amazon Web Services General Reference.

Availability of integrations by Region

Some integrations are not available in all Regions. If an integration is not available in a specific Region, it is not listed on the Integrations page of the Security Hub console when you choose that Region.

Integrations that are supported in China (Beijing) and China (Ningxia)

The China (Beijing) and China (Ningxia) Regions only support the following integrations with Amazon services:

  • Amazon Firewall Manager

  • Amazon GuardDuty

  • Amazon Identity and Access Management Access Analyzer

  • Amazon Inspector

  • Amazon IoT Device Defender

  • Amazon Systems Manager Explorer

  • Amazon Systems Manager OpsCenter

  • Amazon Systems Manager Patch Manager

The China (Beijing) and China (Ningxia) Regions only support the following third-party integrations:

  • Cloud Custodian

  • FireEye Helix

  • Helecloud

  • IBM QRadar

  • PagerDuty

  • Palo Alto Networks Cortex XSOAR

  • Palo Alto Networks VM-Series

  • Prowler

  • RSA Archer

  • Splunk Enterprise

  • Splunk Phantom

  • ThreatModeler

Integrations that are supported in Amazon GovCloud (US-East) and Amazon GovCloud (US-West)

The Amazon GovCloud (US-East) and Amazon GovCloud (US-West) Regions only support the following integrations with Amazon services:

  • Amazon Config

  • Amazon Detective

  • Amazon Firewall Manager

  • Amazon GuardDuty

  • Amazon Health

  • IAM Access Analyzer

  • Amazon Inspector

  • Amazon IoT Device Defender

The Amazon GovCloud (US-East) and Amazon GovCloud (US-West) Regions only support the following third-party integrations:

  • Atlassian Jira Service Management

  • Atlassian Jira Service Management Cloud

  • Atlassian OpsGenie

  • Caveonix Cloud

  • Cloud Custodian

  • Cloud Storage Security Antivirus for Amazon S3

  • CrowdStrike Falcon

  • FireEye Helix

  • Forcepoint CASB

  • Forcepoint DLP

  • Forcepoint NGFW

  • Fugue

  • Kion

  • MicroFocus ArcSight

  • NETSCOUT Cyber Investigator

  • PagerDuty

  • Palo Alto Networks – Prisma Cloud Compute

  • Palo Alto Networks – Prisma Cloud Enterprise

  • Palo Alto Networks – VM-Series (available only in Amazon GovCloud (US-West))

  • Prowler

  • Rackspace Technology – Cloud Native Security

  • Rapid7 InsightConnect

  • RSA Archer

  • SecureCloudDb

  • ServiceNow ITSM

  • Slack

  • ThreatModeler

  • Vectra AI Cognito Detect

Availability of standards by Region

Service-Managed Standard: Amazon Control Tower is only available in Regions that Amazon Control Tower supports, including Amazon GovCloud (US). For a list of Regions that Amazon Control Tower supports, see How Amazon Web Services Regions Work With Amazon Control Tower in the Amazon Control Tower User Guide.

The Amazon Resource Tagging Standard isn't available in Canada West (Calgary), China, and Amazon GovCloud (US).

Other security standards are available in all Regions that Security Hub is available in.

Availability of controls by Region

Security Hub controls may not be available in all Regions. To see a list of unavailable controls in each Region, see Regional limits on controls. A control doesn't appear on the list of controls in the Security Hub console if it's not available in the Region that you're signed in to. The exception is if you're signed in to an aggregation Region. In that case, you can see controls that are available in the aggregation Region or in one or more linked Regions.