Posted On: Aug 7, 2023

Today, we announces expanded Amazon CloudFormation support for Amazon Security Hub in Amazon Web Services China (Beijing) Region, operated by Sinnet and Amazon Web Services China (Ningxia) Region, operated by NWCD. This new feature allows you to use CloudFormation to deploy Security Hub and manage its standards and controls. Using the updated Hub resource, you can now enable Security Hub, decide if it should be provisioned with default standards (the Amazon Foundational Security Best Practices and CIS Foundations Benchmark version 1.2), and opt into its Consolidated Control Findings capability. You can also use the new Standard resource to enable specific security standards such as NIST 800-53 or PCI DSS and manage individual controls in them.

You can also use Amazon CloudFormation StackSets to manage Security Hub across accounts and Regions in a single action. You can designate your entire Organization or a specific Organizational Unit (OU) as the action’s target, which gives new accounts your desired configuration.

You can try Security Hub at no cost for 30 days with a single action in the Amazon Web Services Management Console, or after provisioning it via CloudFormation. To learn more about Security Hub capabilities, consult the Security Hub documentation.