AWS Security Hub in AWS GovCloud (US)
AWS Security Hub is a unified cloud security solution that prioritizes your critical security issues and helps you respond at scale. Security Hub detects security issues by automatically correlating and enriching security signals from multiple sources, such as posture management (AWS Security Hub CSPM), vulnerability management (Amazon Inspector), sensitive data (AWS Macie), and threat detection (Amazon GuardDuty). This enables security teams to prioritize active risks in their cloud environments through automated analyses and contextual insights. Through intuitive visualizations, Security Hub transforms complex security signals into actionable insights, which enables you to make informed decisions about your security quickly. Security Hub also includes automated response workflows to help you remediate risks, improve team productivity, and minimize operational disruptions.
How Security Hub differs for AWS GovCloud (US)
Integrations
Integrations with third-party products are not supported in the AWS GovCloud (US) Region. For more information about integrations in other AWS Regions, see Integrations with AWS services and third-party products in the AWS Security Hub User Guide.
Automation Rules
Automation rules for integrations are not supported in the AWS GovCloud (US) Region. Automation rules allow you to automatically update finding fields based on specified criteria. For more information about automation rules in other AWS Regions, see Automating response and remediation in the Security Hub User Guide.
Cost Estimator
The Security Hub cost estimator is not available in the AWS GovCloud (US) Region. The cost estimator is a console feature that provides cost estimates for security capabilities across your AWS environment, comparing individual service pricing (GuardDuty, Amazon Inspector, Security Hub CSPM) against Security Hub's simplified pricing plans. It uses AWS Cost Explorer data to auto-populate usage information for management, delegated administrator, member, and standalone accounts. For more information about the cost estimator in other AWS Regions, see Cost estimator in the AWS Security Hub} User Guide.
Security Hub Extended Plan
The Security Hub Extended plan is not available in the AWS GovCloud (US) Region. The Extended plan enables customers to protect their enterprise estate across cloud, endpoint, network, identity, data, email, and browser through an integrated security operations experience centered in Security Hub. With the Extended plan, customers can subscribe to partner solutions with flexible pay-as-you-go pricing through AWS Marketplace, with no upfront investments or long-term commitments required.
AWS Security Hub CSPM and Amazon Inspector
Security Hub leverages findings from AWS Security Hub CSPM (Cloud Security Posture Management) and Amazon Inspector. For information about the availability of these features in AWS GovCloud (US) Region, see the following:
-
AWS Security Hub CSPM - For information about AWS Security Hub CSPM feature differences in AWS GovCloud (US) Region, including controls, see AWS Security Hub CSPM in AWS GovCloud (US) in the AWS GovCloud (US) User Guide.
-
Amazon Inspector - For information about Amazon Inspector feature differences in AWS GovCloud (US) Region, see Amazon Inspector in AWS GovCloud (US) in the AWS GovCloud (US) User Guide.
Documentation for Security Hub
AWS Security Hub documentation.
Export-controlled content
For AWS Services architected within the AWS GovCloud (US) Regions, the following list explains how certain components of data may leave the AWS GovCloud (US) Regions in the normal course of the service offerings. The list can be used as a guide to help meet applicable customer compliance obligations. Data not included in the following list remains within the AWS GovCloud (US) Regions.
-
No data will leave the AWS GovCloud (US) Regions for this service.
