- Newest
- Most votes
- Most comments
The underlying config rules are the same between the services as long as you’re using the same compliance standard. Control Tower Detective Guardrails purpose is to make deploying compliant resources easier. Security Hub is a cloud security posture management service that performs security best practice checks, aggregates alerts, and enables automated remediation. Security Hub integrates with multiple third-party partner products. An integration may perform one or more of the following actions:
- Send findings that it generates to Security Hub.
- Receive findings from Security Hub.
- Update findings in Security Hub.
Some reference links:
Security controls and standards in AWS Security Hub
Security Hub Available third-party partner product integrations
AWS Blog: AWS Control Tower Detective Guardrails as an AWS Config Conformance Pack
It seems that what they are checking is same. Since both solutions use same AWS Config rules on behind. But from AWS Control Tower, you can manage standards/controls more efficiently on multi account environment compare to Security Hub. Like, enable/disable standards on all AWS account under specific OU, manage controls by AWS services, check entire status from Control Tower dashboard and so on. The link as follows will help you.
New for AWS Control Tower – Comprehensive Controls Management (Preview)
Relevant content
- asked 2 years ago
- asked 7 months ago
- asked a year ago
- AWS OFFICIALUpdated 10 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago