AWS Security Hub

AWSSecurityFree tier available

Cloud security posture management service that aggregates, prioritises, and responds to findings from GuardDuty, Inspector, Macie, IAM Access Analyzer, and 60+ third-party partners against CIS, PCI DSS, and AWS Foundational best practices

FluffyStack tools
Add to Service BuilderAdd to CompareCompare with equivalentsExplore AWS in TreemapExplore security in HoneycombSee AWS regions on the World MapSee security as a networkScore jurisdiction exposure
DocumentationPricingAWS website

Jurisdictional exposure

Provider HQ
USSeattle, USA

Subject to CLOUD Act, FISA-702, DPF

Region locations
APACCNEEAEUUKUSOther40 regions across 7 jurisdictions
Sovereign option
Yes — 6 sovereign-flagged regions available
Full scorecard for this service →US lens detail →Sovereign cloud coverage map →

Attributes

SLA Uptime
99.9%
Multi Account
Yes

Sub-services (3)

Security Standards

Automated CIS, PCI DSS, NIST 800-53, and AWS FSBP checks

Aggregated Findings

Normalised findings from GuardDuty, Inspector, Macie, and partners

Automated Response

EventBridge-driven remediation playbooks triggered by finding severity

Compliance & Certifications

This service is attested for the following frameworks. Always verify with the provider before relying on a specific compliance posture.

GDPRSOC 2ISO 27001HIPAAPCI DSSFedRAMP

Where this runs

40 regions
28 countries
6sovereign
Sovereign regions (6)
  • AWS European Sovereign Cloud (Brandenburg) · BrandenburgAWS European Sovereign Cloud
  • AWS GovCloud (US-East) · AshburnAWS GovCloud (US)
  • AWS GovCloud (US-West) · HillsboroAWS GovCloud (US)
  • AWS European Sovereign Cloud (Brandenburg) · BrandenburgAWS European Sovereign Cloud
  • China (Beijing) · BeijingAWS China (Sinnet)
  • China (Ningxia) · YinchuanAWS China (NWCD)
Commercial regions (34)

Europe (8)

  • Europe (Paris)
  • Europe (Frankfurt)
  • Europe (Ireland)
  • Europe (Milan)
  • Europe (Spain)
  • Europe (Stockholm)
  • Europe (Zurich)
  • Europe (London)

North America (7)

  • Canada West (Calgary)
  • Canada (Central)
  • Mexico (Central)
  • US East (N. Virginia)
  • US West (Oregon)
  • US East (Ohio)
  • US West (N. California)

South America (1)

  • South America (São Paulo)

Asia (11)

  • Asia Pacific (Hong Kong)
  • Asia Pacific (Hyderabad)
  • Asia Pacific (Mumbai)
  • Asia Pacific (Jakarta)
  • Asia Pacific (Osaka)
  • Asia Pacific (Tokyo)
  • Asia Pacific (Malaysia)
  • Asia Pacific (Singapore)
  • Asia Pacific (Seoul)
  • Asia Pacific (Taipei)
  • Asia Pacific (Thailand)

Oceania (3)

  • Asia Pacific (Melbourne)
  • Asia Pacific (Sydney)
  • Asia Pacific (New Zealand)

Middle East (3)

  • Middle East (Bahrain)
  • Israel (Tel Aviv)
  • Middle East (UAE)

Africa (1)

  • Africa (Cape Town)

Tags

cspmcomplianceposturefindings-aggregationsecurity

Equivalent services on other platforms

Alibaba Security CenterAlibaba

Unified security operations platform covering vulnerability management, malware detection, baseline configuration scanning, log audit, container image scanning, and compliance posture across Alibaba Cloud and hybrid workloads

Microsoft Defender for CloudAzure

Unified cloud security posture management (CSPM) and cloud workload protection (CWPP) platform with compliance dashboards, secure score, and regulatory standards assessments

Security Command CenterGCP

Centralised security and risk management platform for GCP with asset inventory, vulnerability scanning, threat detection, compliance reporting, and security posture dashboards

IBM Cloud Security and Compliance CenterIBM

Unified CSPM and compliance posture service covering IBM Cloud and hybrid-cloud estates, with built-in scans against CIS Benchmark, FS Cloud Controls, NIST 800-53, and custom profiles, plus findings aggregation into IBM QRadar

OCI Data SafeOracle

Unified database security management for Oracle databases on OCI, on-prem, and other clouds, covering security assessment, user risk assessment, activity auditing, data discovery and masking, and SQL firewall policies — included with Autonomous Database

OCI Cloud GuardOracle

Continuous security-posture monitoring across the OCI tenancy. Detector recipes flag misconfigurations and suspicious activity; responder recipes automate remediation (revoke, notify, suspend).

Pricing

Pricing model:pay-as-you-go