
How can I aggregate my Security Hub findings and security scores from multiple AWS Regions?


I want to centralize AWS Security Hub CSPM findings and security scores from multiple AWS Regions to a single aggregation Region.

Short description

Security Hub CSPM provides you with a detailed view of your security state and helps check your environment against security standards and best practices. You can use cross-Region aggregation to aggregate findings, insights, control compliance statuses, and security scores from multiple AWS Regions to a single aggregation Region.

Resolution

Note: If you receive errors when you run AWS Command Line Interface (AWS CLI) commands, then see Troubleshooting errors for the AWS CLI. Also, make sure that you're using the most recent AWS CLI version.

Prepare your environment

Complete the following steps:

  1. Start the AWS Config configuration recorder in every Region in which you want to activate Security Hub CSPM.
  2. Activate Security Hub CSPM in your aggregation Region and in each linked Region.

If you use AWS Organizations, note the following:

  • To aggregate findings from AWS Organizations member accounts, AWS Config and Security Hub CSPM must be activated in the member accounts in each linked Region.
  • You can delegate a member account as your Security Hub CSPM administrator for each AWS Region.

Activate cross-Region aggregation

You can activate cross-Region aggregation with either the AWS Management Console or the AWS CLI.

To use the AWS console, complete the following steps:

  1. Open the Security Hub CSPM console with the Security Hub CSPM administrator account in your aggregation Region.
    Note: If the Region is deactivated, then make sure that you activate the Region.
  2. In the navigation pane, choose Settings, and then choose Regions.
  3. Choose Configure finding aggregation, and then choose your aggregation Region.
  4. In Available Regions, choose the AWS Regions that you want to aggregate findings from.
  5. Choose Link future Regions to automatically link new AWS Regions and aggregate their data.
  6. Choose Save.

To use the AWS CLI to activate cross-Region aggregation, run the following create-finding-aggregator AWS CLI command:

aws securityhub create-finding-aggregator --region your-aggregation-region --region-linking-mode ALL_REGIONS

Note: Replace your-aggregation-region with your aggregation Region. For --region-linking-mode, choose one of the following options: ALL_REGIONS, ALL_REGIONS_EXCEPT_SPECIFIED, or SPECIFIED_REGIONS. If you choose SPECIFIED_REGIONS, use the --regions parameter to specify the Region list.

After you activate cross-Region aggregation, Security Hub CSPM starts aggregating findings and security scores from the linked Regions.

You can view the cross-Region configuration with the Security Hub CSPM administrator account from any Region. However, you can update the configuration only from the aggregation Region. For more information, see Enabling cross-Region aggregation.
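The CLI step above, wrapped in a small script (an added example, not AWS's own code): it validates the --region-linking-mode and --regions combination before anything is sent to the CLI, and after creation reads the aggregator back with list-finding-aggregators and get-finding-aggregator so you can confirm which Regions are actually linked rather than assuming every Region reports in. It goes slightly beyond the note above in also requiring --regions for ALL_REGIONS_EXCEPT_SPECIFIED (the Regions to exclude); the Region names and the APPLY variable are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the AWS article): build, apply and verify a
# cross-Region finding aggregator with the AWS CLI. Region names are
# constructed sample values.
set -eu

# Print the create-finding-aggregator command for the given mode, after
# checking that --regions is present exactly when the mode needs it.
build_aggregator_cmd() {
  agg_region=$1; mode=$2; regions=${3:-}
  case "$mode" in
    ALL_REGIONS)
      [ -z "$regions" ] || { echo "ALL_REGIONS takes no Region list" >&2; return 1; } ;;
    ALL_REGIONS_EXCEPT_SPECIFIED|SPECIFIED_REGIONS)
      [ -n "$regions" ] || { echo "$mode requires a Region list" >&2; return 1; } ;;
    *)
      echo "unknown --region-linking-mode: $mode" >&2; return 1 ;;
  esac
  cmd="aws securityhub create-finding-aggregator --region $agg_region --region-linking-mode $mode"
  # The CLI takes a space-separated list; accept a comma-separated one for convenience.
  [ -z "$regions" ] || cmd="$cmd --regions $(printf '%s' "$regions" | tr ',' ' ')"
  printf '%s\n' "$cmd"
}

# Read the aggregator back from the aggregation Region and show which
# Regions are actually linked, so a missing Region is caught immediately.
# Needs credentials for the Security Hub CSPM administrator account.
verify_aggregator() {
  agg_region=$1
  arn=$(aws securityhub list-finding-aggregators --region "$agg_region" \
          --query 'FindingAggregators[0].FindingAggregatorArn' --output text)
  if [ -z "$arn" ] || [ "$arn" = "None" ]; then
    echo "no finding aggregator configured in $agg_region" >&2; return 1
  fi
  aws securityhub get-finding-aggregator --region "$agg_region" \
      --finding-aggregator-arn "$arn" \
      --query '{Mode:RegionLinkingMode,Linked:Regions}' --output json
}

# Usage: sh aggregate.sh <aggregation-Region> <mode> [r1,r2,...]
# Prints the command; set APPLY=1 to run it and then verify the result.
if [ $# -ge 2 ]; then
  cmd=$(build_aggregator_cmd "$@")
  echo "$cmd"
  if [ "${APPLY:-0}" = 1 ]; then
    sh -c "$cmd" && verify_aggregator "$1"
  fi
fi
```

Run it once without APPLY to review the exact command, then with APPLY=1 from the aggregation Region, which is the only Region from which the configuration can be changed.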

Related information

Effect of account actions on Security Hub CSPM data

Integrating Security Hub CSPM with AWS Organizations

AWS OFFICIAL. Updated 5 months ago.