Stopping cross-Region aggregation - AWS Security Hub
Stopping cross-Region aggregation (console)Stopping cross-Region aggregation (Security Hub API, AWS CLI)

Stopping cross-Region aggregation

Stop cross-Region aggregation if you no longer want to aggregate data or if you want to change the aggregation Region.

When you stop cross-Region aggregation, Security Hub stops aggregating data. It does not remove any existing aggregated data from the aggregation Region.

Stopping cross-Region aggregation (console)

You must stop cross-Region aggregation from the current aggregation Region.

In Regions other than the aggregation Region, the Finding aggregation panel displays a message that you must edit the configuration in the aggregation Region. Choose this message to display a link to switch to the aggregation Region.

To stop cross-Region aggregation

  1. Open the AWS Security Hub console at https://console.aws.amazon.com/securityhub/.

  2. Change to the current aggregation Region.

  3. In the Security Hub navigation menu, choose Settings, then choose Regions.

  4. Under Finding aggregation, choose Edit.

  5. Under Aggregation Region, choose No aggregation Region.

  6. Choose Save.

  7. On the confirmation dialog, in the confirmation field, type Confirm.

  8. Choose Confirm.

Stopping cross-Region aggregation (Security Hub API, AWS CLI)

You can use the Security Hub API to stop cross-Region aggregation. You must stop cross-Region aggregation from the aggregation Region.

To stop cross-Region aggregation (Security Hub API, AWS CLI)

  • Security Hub API: Use the DeleteFindingAggregator operation. To identify the finding aggregator to delete, you provide the finding aggregator ARN. To obtain the finding aggregator ARN, use ListFindingAggregators.

  • AWS CLI: At the command line, run the delete-finding-aggregator command.

    aws securityhub delete-finding-aggregator <finding aggregator ARN> --region <aggregation Region>