Security Hub

AWS Security Hub provides a single pane of glass for AWS environment security, collecting security data from AWS accounts and services and third-party partner services.


  • AWS accounts can either enable Security Hub or be invited to become associated with another account.
    • Accounts that accept invitations become member accounts.
    • The inviting account becomes the administrator account.
    • Delegated administrator accounts can manage services across Organisations.
  • The aggregation region is the region from which you review findings.
  • ASFF is the standardised format in which findings are represented.
  • Controls are documented safeguards.
    • Related requirements are sets of security requirements mapped to a control.
  • Findings provide a record of a detection.
    • Findings may be archived.
    • Ingestion is the process of receiving findings from other AWS services and third-party services.
    • Aggregations allow findings to be reviewed in a single region; they're the process of collecting and grouping findings.
  • Insights are collections of related findings after applying filters and an aggregation statement.
  • Rules are sets of criteria that define whether or not a control is being adhered to. Rules can be in one of three states:
    • Passed indicates the rule is being adhered to.
    • Failed indicates the rule is not being adhered to.
    • Warning indicates that the rule couldn't be evaluated.
  • Security checks are point-in-time evaluations of rules against individual resources.
  • Security standards are published statements (e.g. CIS AWS Foundations, PCI DSS) that define characteristics of compliance, using controls.
  • Workflow statuses track progress toward resolution.
    • NEW is the initial state.
    • NOTIFIED indicates that the owner of the resource was notified to take action on the finding.
    • SUPPRESSED indicates a non-issue that doesn't require action.
    • RESOLVED indicates that the identified problem has been addressed.

Supported services