1. What is Security Hub?

AWS Security Hub provides a comprehensive view of your security state across AWS. It aggregates, organizes, and prioritizes security findings from multiple AWS services and third-party tools in a single dashboard.

Core Concept: Security Hub = single pane of glass for security. It collects findings from GuardDuty, Inspector, Macie, Firewall Manager, IAM Access Analyzer, and 60+ third-party tools. It also runs automated compliance checks against security standards (CIS, PCI DSS, AWS Best Practices).

2. Key Features


Finding Aggregation

  1. Collects findings from: GuardDuty, Inspector, Macie, Firewall Manager, IAM Access Analyzer, Systems Manager, third-party partners (60+)
  2. Findings use AWS Security Finding Format (ASFF) — standardized JSON format
  3. Cross-Region aggregation: designate one Region to aggregate findings from all Regions
  4. Cross-account: manage security across AWS Organization from delegated admin


Security Standards & Compliance

  1. Automated checks run continuously using AWS Config rules
  2. Security Score: 0–100% per standard, showing compliance percentage
  3. Requires AWS Config to be enabled (Security Hub uses Config for checks)


Automated Response

  1. Security Hub sends findings to EventBridge for automation
  2. Custom Actions: trigger specific workflows from the Security Hub console
  3. Automated remediation: EventBridge → Lambda/SSM Automation → fix the finding
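
An added example (not from the original page) of the EventBridge → Lambda step: a rule pattern that matches imported findings, and the Lambda-side triage that re-checks each ASFF finding before anything is remediated. The function names, the `_finding` helper and all sample values are constructed for illustration; the remediation call itself is not included.

```python
# Added example: EventBridge rule pattern plus Lambda-side triage of ASFF findings.
EVENT_PATTERN = {  # attach to the EventBridge rule that targets the Lambda
    "source": ["aws.securityhub"],
    "detail-type": ["Security Hub Findings - Imported"],
    "detail": {"findings": {
        "Severity": {"Label": ["HIGH", "CRITICAL"]},
        "Workflow": {"Status": ["NEW"]},
        "RecordState": ["ACTIVE"],
    }},
}
ACTIONABLE = ("CRITICAL", "HIGH")  # ordered most severe first

def triage(event):
    """Return one work item per finding that still needs remediation."""
    if event.get("source") != "aws.securityhub":
        return []
    items = []
    # detail.findings is a list, so every entry is checked on its own.
    for f in event.get("detail", {}).get("findings", []):
        label = f.get("Severity", {}).get("Label")
        if (f.get("RecordState") != "ACTIVE"
                or f.get("Workflow", {}).get("Status") != "NEW"
                or label not in ACTIONABLE):
            continue
        items.append({
            "finding_id": f["Id"],
            "product_arn": f["ProductArn"],
            "account": f.get("AwsAccountId"),
            "severity": label,
            "resources": [r["Id"] for r in f.get("Resources", [])],
        })
    return sorted(items, key=lambda i: ACTIONABLE.index(i["severity"]))

def lambda_handler(event, context):
    """Lambda entry point; the remediation call itself is left to the reader."""
    work = triage(event)
    return {"actionable": len(work), "items": work}

def _finding(n, label, status="NEW", state="ACTIVE"):  # constructed sample data
    return {"Id": f"finding-{n}", "ProductArn": "arn:aws:securityhub:EXAMPLE",
            "AwsAccountId": "111122223333", "Severity": {"Label": label},
            "Workflow": {"Status": status}, "RecordState": state,
            "Resources": [{"Type": "AwsS3Bucket", "Id": f"arn:aws:s3:::example-bucket-{n}"}]}

SAMPLE_EVENT = {"source": "aws.securityhub",
                "detail-type": "Security Hub Findings - Imported",
                "detail": {"findings": [
                    _finding(1, "HIGH"), _finding(2, "LOW"),
                    _finding(3, "CRITICAL"), _finding(4, "HIGH", status="RESOLVED"),
                    _finding(5, "CRITICAL", state="ARCHIVED")]}}
```

Filtering on `Workflow.Status` and `RecordState` in the handler as well as in the rule keeps resolved or archived findings from being remediated a second time.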

3. When to use

Use Security Hub when you need a centralized dashboard to aggregate, organize, and prioritize security findings across your AWS environment.

Common scenarios:

  1. Unified security view — See all security findings from multiple AWS services in one place.
  2. Compliance checks — Automatically evaluate your accounts against security standards (CIS, PCI DSS, etc.).
  3. Multi-account security — Aggregate findings across all accounts in an AWS Organization.
  4. Prioritize remediation — Focus on the most critical issues first using severity scores.
  5. Automate responses — Trigger automated remediation using EventBridge + Lambda.


Exam Tip (Security Hub): "Single dashboard for all security findings" = Security Hub. "Compliance check against CIS/PCI" = Security Hub. "Aggregate GuardDuty + Inspector + Macie findings" = Security Hub. Requires AWS Config. Uses ASFF format. Cross-Region + cross-account aggregation. Automate via EventBridge.