Viewing cross-Region aggregation settings
You can view the current cross-Region aggregation configuration in AWS Security Hub from any AWS Region. The
configuration includes the aggregation Region, the linked Regions (if any), and whether to
automatically link new Regions as Security Hub supports them.
Member accounts can view the cross-Region aggregation settings that the administrator account configured.
Choose your preferred method, and follow the steps to view your current cross-Region aggregation settings.
- Security Hub console

  If cross-Region aggregation is not enabled, then the Regions tab displays the option to enable cross-Region aggregation. Only administrator accounts and standalone accounts can enable cross-Region aggregation.

  If cross-Region aggregation is enabled, then the Regions tab displays the following information:

  - The aggregation Region
  - Whether to automatically aggregate findings, insights, control statuses, and security scores from new Regions that Security Hub supports and that you opt into
  - The list of linked Regions (if any are selected)

- Security Hub API

  To view cross-Region aggregation settings (Security Hub API)

  Use the GetFindingAggregator operation of the Security Hub API. If you use the AWS CLI, run the get-finding-aggregator command.

  When you make the request, provide the finding aggregator ARN. To obtain the finding aggregator ARN, use the ListFindingAggregators operation or list-finding-aggregators command.

  The following example shows the cross-Region aggregation settings for the specified finding aggregator ARN. This example is formatted for Linux, macOS, or Unix, and it uses the backslash (\) line-continuation character to improve readability.

  $ aws securityhub get-finding-aggregator \
      --finding-aggregator-arn arn:aws:securityhub:us-east-1:222222222222:finding-aggregator/123e4567-e89b-12d3-a456-426652340000
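
The following is an added example, not part of the AWS documentation: it interprets a GetFindingAggregator response and reports which Regions you operate in are not feeding the aggregation Region. The function names, SAMPLE, and IN_USE are hypothetical, the sample response is constructed, and fetch_settings assumes boto3 and credentials are available.

```python
# Added example: interprets a GetFindingAggregator response. Not AWS code.
AUTO_LINK_MODES = {"ALL_REGIONS", "ALL_REGIONS_EXCEPT_SPECIFIED"}

def fetch_settings(region_name):
    """ListFindingAggregators, then GetFindingAggregator (needs boto3 and credentials)."""
    import boto3  # lazy import: the offline sample below runs without it
    hub = boto3.client("securityhub", region_name=region_name)
    found = hub.list_finding_aggregators().get("FindingAggregators", [])
    if not found:
        return None  # cross-Region aggregation is not enabled
    # Assumption: the first ARN returned is the one to inspect.
    return hub.get_finding_aggregator(FindingAggregatorArn=found[0]["FindingAggregatorArn"])

def summarize(settings, regions_in_use):
    """Report the aggregation Region, auto-linking, and in-use Regions left out."""
    in_use = set(regions_in_use)
    if settings is None:
        return {"enabled": False, "aggregation_region": None,
                "auto_link_new_regions": False, "unaggregated": sorted(in_use)}
    mode = settings["RegionLinkingMode"]
    listed = set(settings.get("Regions") or [])
    if mode == "ALL_REGIONS":
        covered = set(in_use)
    elif mode == "ALL_REGIONS_EXCEPT_SPECIFIED":
        covered = in_use - listed          # Regions lists the exclusions
    elif mode == "SPECIFIED_REGIONS":
        covered = set(listed)              # Regions lists the linked Regions
    elif mode == "NO_REGIONS":
        covered = set()
    else:
        raise ValueError(f"unknown RegionLinkingMode: {mode!r}")
    covered.add(settings["FindingAggregationRegion"])
    return {"enabled": True,
            "aggregation_region": settings["FindingAggregationRegion"],
            "auto_link_new_regions": mode in AUTO_LINK_MODES,
            "unaggregated": sorted(in_use - covered)}

# Constructed sample response; the ARN is the one from the example command above.
SAMPLE = {
    "FindingAggregatorArn": "arn:aws:securityhub:us-east-1:222222222222:"
                            "finding-aggregator/123e4567-e89b-12d3-a456-426652340000",
    "FindingAggregationRegion": "us-east-1",
    "RegionLinkingMode": "SPECIFIED_REGIONS",
    "Regions": ["us-west-2", "eu-west-1"],
}
IN_USE = ["us-east-1", "us-west-2", "eu-west-1", "ap-southeast-2"]  # hypothetical inventory

if __name__ == "__main__":
    print(summarize(SAMPLE, IN_USE))
```

A non-empty "unaggregated" list means findings from those Regions never reach the aggregation Region, and a false "auto_link_new_regions" means Regions you opt into later need to be linked by hand.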