Enabling cross-Region aggregation
Note: The aggregation Region is now called the home Region. Some Security Hub CSPM API operations still use the older term aggregation Region.
You must enable cross-Region aggregation from the AWS Region that you want to designate as the home Region.
To enable cross-Region aggregation, you create a Security Hub CSPM resource called a finding aggregator. The finding aggregator resource specifies your home Region and linked Regions (if any).
You can't use an AWS Region that is disabled by default as your home Region. For a list of Regions that are disabled by default, see Enabling a Region in the AWS General Reference.
When you enable cross-Region aggregation, you can optionally specify one or more linked Regions. You can also choose whether to automatically link new Regions when Security Hub CSPM begins to support them and you have opted into them.
Security Hub CSPM console

To enable cross-Region aggregation

1. Open the AWS Security Hub Cloud Security Posture Management (CSPM) console at https://console.aws.amazon.com/securityhub/.
2. Using the AWS Region selector, sign in to the Region that you want to use as the aggregation Region.
3. In the Security Hub CSPM navigation menu, choose Settings and then Regions.
4. For Finding aggregation, choose Configure finding aggregation. By default, the home Region is set to No aggregation Region.
5. Under Aggregation Region, select the option to designate the current Region as the home Region.
6. Optionally, for Linked Regions, select the Regions to aggregate data from.
7. To automatically aggregate data from new Regions in the partition as Security Hub CSPM supports them and you opt into them, select Link future Regions.
8. Choose Save.
Security Hub CSPM API

From the Region that you want to use as the home Region, use the CreateFindingAggregator operation of the Security Hub CSPM API. If you use the AWS CLI, run the create-finding-aggregator command.

For RegionLinkingMode, choose one of the following options:

- ALL_REGIONS – Security Hub CSPM aggregates data from all Regions. Security Hub CSPM also aggregates data from new Regions as they are supported and you opt into them.
- ALL_REGIONS_EXCEPT_SPECIFIED – Security Hub CSPM aggregates data from all Regions except for Regions that you want to exclude. Security Hub CSPM also aggregates data from new Regions as they are supported and you opt into them. Use Regions to provide the list of Regions to exclude from aggregation.
- SPECIFIED_REGIONS – Security Hub CSPM aggregates data from a selected list of Regions. Security Hub CSPM does not aggregate data automatically from new Regions. Use Regions to provide the list of Regions to aggregate from.
- NO_REGIONS – Security Hub CSPM doesn't aggregate data because you don't select any linked Regions.
The following example configures cross-Region aggregation. The home Region is US East (N. Virginia). The linked Regions are US West (N. California) and US West (Oregon). This example is formatted for Linux, macOS, or Unix, and it uses the backslash (\) line-continuation character to improve readability.

$ aws securityhub create-finding-aggregator --region us-east-1 \
    --region-linking-mode SPECIFIED_REGIONS \
    --regions us-west-1 us-west-2
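The following Python helper is an added example, not code from the AWS documentation. It turns the RegionLinkingMode rules above into local checks (which modes take a Regions list, and that the list is non-empty and free of duplicates) and returns the keyword arguments for boto3's securityhub create_finding_aggregator call. The check that the home Region must not appear in the Regions list, the stub client, and the placeholder ARN it returns are assumptions of this example; with a real boto3 client the request is sent unchanged.

```python
"""Build and validate a Security Hub CSPM CreateFindingAggregator request.

Added example; not AWS documentation or SDK code. The mode/Regions rules
mirror the RegionLinkingMode options described on the page so that an
inconsistent request fails locally with a clear message instead of at the
service.
"""
from __future__ import annotations

from typing import Any

# Modes whose Regions parameter carries a list, and what that list means.
MODES_WITH_REGIONS = {
    "ALL_REGIONS_EXCEPT_SPECIFIED": "exclude",  # Regions = Regions to leave out
    "SPECIFIED_REGIONS": "include",             # Regions = Regions to link
}
# Modes that take no Regions list at all.
MODES_WITHOUT_REGIONS = {"ALL_REGIONS", "NO_REGIONS"}


def build_finding_aggregator_request(
    home_region: str,
    region_linking_mode: str,
    regions: list[str] | None = None,
) -> dict[str, Any]:
    """Return kwargs for boto3's securityhub.create_finding_aggregator().

    Raises ValueError when the mode and the Regions list are inconsistent.
    """
    regions = list(regions or [])
    if region_linking_mode in MODES_WITHOUT_REGIONS:
        if regions:
            raise ValueError(f"{region_linking_mode} does not take a Regions list")
        return {"RegionLinkingMode": region_linking_mode}
    if region_linking_mode not in MODES_WITH_REGIONS:
        raise ValueError(f"unknown RegionLinkingMode: {region_linking_mode}")
    if not regions:
        raise ValueError(f"{region_linking_mode} requires a non-empty Regions list")
    if len(set(regions)) != len(regions):
        raise ValueError("Regions contains duplicates")
    # Assumption of this example: the aggregator is created in the home Region,
    # so listing the home Region as a linked (or excluded) Region is a mistake.
    if home_region in regions:
        raise ValueError(f"home Region {home_region} must not appear in Regions")
    return {"RegionLinkingMode": region_linking_mode, "Regions": regions}


def rejects(home_region: str, mode: str, regions: list[str] | None = None) -> bool:
    """True if build_finding_aggregator_request refuses this combination."""
    try:
        build_finding_aggregator_request(home_region, mode, regions)
    except ValueError:
        return True
    return False


class StubSecurityHubClient:
    """Offline stand-in for boto3.client('securityhub') used to run this example.

    Only the create_finding_aggregator method is modelled; the ARN is a
    constructed placeholder, not a real resource.
    """

    def create_finding_aggregator(self, **kwargs: Any) -> dict[str, Any]:
        return {
            "FindingAggregatorArn": "arn:aws:securityhub:REGION:ACCOUNT:finding-aggregator/PLACEHOLDER",
            "FindingAggregationRegion": "stub",
            "RegionLinkingMode": kwargs["RegionLinkingMode"],
            "Regions": kwargs.get("Regions", []),
        }


def create_finding_aggregator(client: Any, home_region: str, mode: str,
                              regions: list[str] | None = None) -> dict[str, Any]:
    """Validate locally, then call the client (real boto3 or the stub above).

    The client must be created in home_region; boto3 does not take a Region
    per call, so that is the caller's responsibility.
    """
    request = build_finding_aggregator_request(home_region, mode, regions)
    return client.create_finding_aggregator(**request)


if __name__ == "__main__":
    # Same configuration as the CLI example on the page, sent to the stub.
    # For a real call: client = boto3.client("securityhub", region_name="us-east-1")
    response = create_finding_aggregator(
        StubSecurityHubClient(), "us-east-1", "SPECIFIED_REGIONS", ["us-west-1", "us-west-2"]
    )
    print(response["RegionLinkingMode"], response["Regions"])
```

Because the validation happens before any network call, the same helper can be used in a pre-commit check or CI step for infrastructure code that manages the finding aggregator, catching a mode/Regions mismatch before the change reaches the account.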