Select your cookie preferences

We use essential cookies and similar tools that are necessary to provide our site and services. We use performance cookies to collect anonymous statistics, so we can understand how customers use our site and make improvements. Essential cookies cannot be deactivated, but you can choose “Customize” or “Decline” to decline performance cookies.

If you agree, AWS and approved third parties will also use cookies to provide useful site features, remember your preferences, and display relevant content, including relevant advertising. To accept or decline all non-essential cookies, choose “Accept” or “Decline.” To make more detailed choices, choose “Customize.”

Preferences
Contact Us
Feedback
AWS Documentation
Create an AWS Account

Security Hub Regional limits

PDF
RSS
Focus mode
Security Hub Regional limits - AWS Security Hub
Cross-Region aggregation restrictionsAvailability of integrations by RegionAvailability of standards by RegionAvailability of controls by Region

Some AWS Security Hub features are available in only certain AWS Regions. The following sections specify these Regional limits. For a complete list of all the Regions in which Security Hub is currently available, see AWS Security Hub endpoints and quotas in the AWS General Reference.

Cross-Region aggregation restrictions

In AWS GovCloud (US) Regions, cross-Region aggregation is available for findings, finding updates, and insights across AWS GovCloud (US) Regions only. Specifically, you can only aggregate findings, finding updates, and insights between AWS GovCloud (US-East) and AWS GovCloud (US-West).

In the China Regions, cross-Region aggregation is available for findings, finding updates, and insights across the China Regions only. Specifically, you can only aggregate findings, finding updates, and insights between China (Beijing) and China (Ningxia).

You can't use a Region that is disabled by default as your aggregation Region. For a list of Regions that are disabled by default, see Enable or disable AWS Regions in your account in the AWS Account Management Reference Guide.

Availability of integrations by Region

Some integrations are not available in all Regions. If an integration is not available in a specific Region, it is not listed on the Integrations page of the Security Hub console when you choose that Region.

Integrations that are supported in the China (Beijing) and China (Ningxia) Regions

The China (Beijing) and China (Ningxia) Regions support only the following integrations with AWS services:

  • AWS Firewall Manager

  • Amazon GuardDuty

  • AWS Identity and Access Management Access Analyzer

  • Amazon Inspector

  • AWS IoT Device Defender

  • AWS Systems Manager Explorer

  • AWS Systems Manager OpsCenter

  • AWS Systems Manager Patch Manager

The China (Beijing) and China (Ningxia) Regions support only the following third-party integrations:

  • Cloud Custodian

  • FireEye Helix

  • Helecloud

  • IBM QRadar

  • PagerDuty

  • Palo Alto Networks Cortex XSOAR

  • Palo Alto Networks VM-Series

  • Prowler

  • RSA Archer

  • Splunk Enterprise

  • Splunk Phantom

  • ThreatModeler

Integrations that are supported in AWS GovCloud (US-East) and AWS GovCloud (US-West) Regions

The AWS GovCloud (US-East) and AWS GovCloud (US-West) Regions support only the following integrations with AWS services:

  • AWS Config

  • Amazon Detective

  • AWS Firewall Manager

  • Amazon GuardDuty

  • AWS Health

  • IAM Access Analyzer

  • Amazon Inspector

  • AWS IoT Device Defender

The AWS GovCloud (US-East) and AWS GovCloud (US-West) Regions support only the following third-party integrations:

  • Atlassian Jira Service Management

  • Atlassian Jira Service Management Cloud

  • Atlassian OpsGenie

  • Caveonix Cloud

  • Cloud Custodian

  • Cloud Storage Security Antivirus for Amazon S3

  • CrowdStrike Falcon

  • FireEye Helix

  • Forcepoint CASB

  • Forcepoint DLP

  • Forcepoint NGFW

  • Fugue

  • Kion

  • MicroFocus ArcSight

  • NETSCOUT Cyber Investigator

  • PagerDuty

  • Palo Alto Networks – Prisma Cloud Compute

  • Palo Alto Networks – Prisma Cloud Enterprise

  • Palo Alto Networks – VM-Series (available only in AWS GovCloud (US-West))

  • Prowler

  • Rackspace Technology – Cloud Native Security

  • Rapid7 InsightConnect

  • RSA Archer

  • SecureCloudDb

  • ServiceNow ITSM

  • Slack

  • ThreatModeler

  • Vectra AI Cognito Detect

Availability of standards by Region

The AWS Control Tower service-managed standard is available only in Regions that AWS Control Tower supports, including AWS GovCloud (US) Regions. For a list of Regions that AWS Control Tower supports, see How AWS Regions Work With AWS Control Tower in the AWS Control Tower User Guide.

The AWS Resource Tagging Standard isn't available in the Canada West (Calgary), China, and AWS GovCloud (US) Regions.

Other security standards are available in all the Regions that Security Hub is available in.

Availability of controls by Region

Security Hub controls might not be available in all Regions. For a list of controls that aren't available in each Region, see Regional limits on controls.

A control doesn't appear in the list of controls on the Security Hub console if it isn't available in the Region that you're signed in to. The exception is if you're signed in to an aggregation Region. In that case, you can see controls that are available in the aggregation Region or in one or more linked Regions.

On this page

PrivacySite termsCookie preferences
© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.