AWS Security Hub endpoints and quotas
This section lists the the service endpoints and service quotas for the service. To connect programmatically to an AWS service, you use an endpoint. For more information, see AWS service endpoints.
In addition to the standard AWS endpoints, some AWS services offer the following endpoints in some or all of the AWS Regions that the service is supported in:
IPv4 endpoints — These endpoints support only IPv4 requests and have the following format:
service-name.region.amazonaws.comDual-stack endpoints — These endpoints support both IPv4 requests and IPv6 requests and have the following format:
service-name.region.api.awsFIPS endpoints — These endpoints comply with the Federal Information Processing Standards (FIPS) and can support either IPv4 requests or dual-stack (IPv4 and IPv6) requests. FIPS endpoints have the following format:
service-name-fips.region.ip-endpoint-typeip-endpoint-typeisamazonaws.com(for IPv4 requests) orapi.aws(for IPv4 or IPv6 requests).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for your AWS account. For more information, see AWS service quotas.
Note
AWS recommends that you use Regional STS endpoints within your applications, and avoid using global (legacy) STS endpoints. Regional STS endpoints reduce latency, build in redundancy, and increase session token validity. For more information about configuring your applications to use a Regional STS endpoint, see AWS STS Regionalized endpoints in the AWS SDKs and Tools Reference Guide. For more information about global (legacy) AWS STS endpoints, including how to monitor for use of this type of endpoint, see How to use Regional AWS STS endpoints in the AWS Security blog.
Service endpoints
| Region Name | Region | Endpoint | Protocol |
|---|---|---|---|
| US East (Ohio) | us-east-2 |
securityhub.us-east-2.amazonaws.com securityhub-fips.us-east-2.amazonaws.com securityhub.us-east-2.api.aws |
HTTPS HTTPS HTTPS |
| US East (N. Virginia) | us-east-1 |
securityhub.us-east-1.amazonaws.com securityhub-fips.us-east-1.amazonaws.com securityhub.us-east-1.api.aws |
HTTPS HTTPS HTTPS |
| US West (N. California) | us-west-1 |
securityhub.us-west-1.amazonaws.com securityhub-fips.us-west-1.amazonaws.com securityhub.us-west-1.api.aws |
HTTPS HTTPS HTTPS |
| US West (Oregon) | us-west-2 |
securityhub.us-west-2.amazonaws.com securityhub-fips.us-west-2.amazonaws.com securityhub.us-west-2.api.aws |
HTTPS HTTPS HTTPS |
| Africa (Cape Town) | af-south-1 |
securityhub.af-south-1.amazonaws.com securityhub.af-south-1.api.aws |
HTTPS HTTPS |
| Asia Pacific (Hong Kong) | ap-east-1 |
securityhub.ap-east-1.amazonaws.com securityhub.ap-east-1.api.aws |
HTTPS HTTPS |
| Asia Pacific (Hyderabad) | ap-south-2 |
securityhub.ap-south-2.amazonaws.com securityhub.ap-south-2.api.aws |
HTTPS HTTPS |
| Asia Pacific (Jakarta) | ap-southeast-3 |
securityhub.ap-southeast-3.amazonaws.com securityhub.ap-southeast-3.api.aws |
HTTPS HTTPS |
| Asia Pacific (Malaysia) | ap-southeast-5 |
securityhub.ap-southeast-5.amazonaws.com securityhub.ap-southeast-5.api.aws |
HTTPS HTTPS |
| Asia Pacific (Melbourne) | ap-southeast-4 |
securityhub.ap-southeast-4.amazonaws.com securityhub.ap-southeast-4.api.aws |
HTTPS HTTPS |
| Asia Pacific (Mumbai) | ap-south-1 |
securityhub.ap-south-1.amazonaws.com securityhub.ap-south-1.api.aws |
HTTPS HTTPS |
| Asia Pacific (Osaka) | ap-northeast-3 |
securityhub.ap-northeast-3.amazonaws.com securityhub.ap-northeast-3.api.aws |
HTTPS HTTPS |
| Asia Pacific (Seoul) | ap-northeast-2 |
securityhub.ap-northeast-2.amazonaws.com securityhub.ap-northeast-2.api.aws |
HTTPS HTTPS |
| Asia Pacific (Singapore) | ap-southeast-1 |
securityhub.ap-southeast-1.amazonaws.com securityhub.ap-southeast-1.api.aws |
HTTPS HTTPS |
| Asia Pacific (Sydney) | ap-southeast-2 |
securityhub.ap-southeast-2.amazonaws.com securityhub.ap-southeast-2.api.aws |
HTTPS HTTPS |
| Asia Pacific (Tokyo) | ap-northeast-1 |
securityhub.ap-northeast-1.amazonaws.com securityhub.ap-northeast-1.api.aws |
HTTPS HTTPS |
| Canada (Central) | ca-central-1 |
securityhub.ca-central-1.amazonaws.com securityhub.ca-central-1.api.aws |
HTTPS HTTPS |
| Canada West (Calgary) | ca-west-1 |
securityhub.ca-west-1.amazonaws.com securityhub.ca-west-1.api.aws |
HTTPS HTTPS |
| Europe (Frankfurt) | eu-central-1 |
securityhub.eu-central-1.amazonaws.com securityhub.eu-central-1.api.aws |
HTTPS HTTPS |
| Europe (Ireland) | eu-west-1 |
securityhub.eu-west-1.amazonaws.com securityhub.eu-west-1.api.aws |
HTTPS HTTPS |
| Europe (London) | eu-west-2 |
securityhub.eu-west-2.amazonaws.com securityhub.eu-west-2.api.aws |
HTTPS HTTPS |
| Europe (Milan) | eu-south-1 |
securityhub.eu-south-1.amazonaws.com securityhub.eu-south-1.api.aws |
HTTPS HTTPS |
| Europe (Paris) | eu-west-3 |
securityhub.eu-west-3.amazonaws.com securityhub.eu-west-3.api.aws |
HTTPS HTTPS |
| Europe (Spain) | eu-south-2 |
securityhub.eu-south-2.amazonaws.com securityhub.eu-south-2.api.aws |
HTTPS HTTPS |
| Europe (Stockholm) | eu-north-1 |
securityhub.eu-north-1.amazonaws.com securityhub.eu-north-1.api.aws |
HTTPS HTTPS |
| Europe (Zurich) | eu-central-2 |
securityhub.eu-central-2.amazonaws.com securityhub.eu-central-2.api.aws |
HTTPS HTTPS |
| Israel (Tel Aviv) | il-central-1 |
securityhub.il-central-1.amazonaws.com securityhub.il-central-1.api.aws |
HTTPS HTTPS |
| Middle East (Bahrain) | me-south-1 |
securityhub.me-south-1.amazonaws.com securityhub.me-south-1.api.aws |
HTTPS HTTPS |
| Middle East (UAE) | me-central-1 |
securityhub.me-central-1.amazonaws.com securityhub.me-central-1.api.aws |
HTTPS HTTPS |
| South America (São Paulo) | sa-east-1 |
securityhub.sa-east-1.amazonaws.com securityhub.sa-east-1.api.aws |
HTTPS HTTPS |
| AWS GovCloud (US-East) | us-gov-east-1 |
securityhub.us-gov-east-1.amazonaws.com securityhub-fips.us-gov-east-1.amazonaws.com securityhub.us-gov-east-1.api.aws |
HTTPS HTTPS HTTPS |
| AWS GovCloud (US-West) | us-gov-west-1 |
securityhub.us-gov-west-1.amazonaws.com securityhub-fips.us-gov-west-1.amazonaws.com securityhub.us-gov-west-1.api.aws |
HTTPS HTTPS HTTPS |
Service quotas
| Name | Default | Adjustable | Description |
|---|---|---|---|
| Number of Security Hub member accounts | Each supported Region: 10,000 | No | The maximum number of Security Hub member accounts that can be added for each Security Hub administrator account in each Region. |
| Number of Security Hub outstanding invitations | Each supported Region: 1,000 | No | The maximum number of outstanding Security Hub member account invitations that can be sent per AWS account (Security Hub master account) per region. |
| Number of automation rules | Each supported Region: 100 | No | The maximum number of automation rules that can be created by a Security Hub administrator account. |
| Number of custom actions | Each supported Region: 50 | No | The maximum number of custom actions that can be created per account per Region. |
| Number of custom insights | Each supported Region: 100 | No | The maximum number of user-defined custom insights that can be created per AWS account per Region. |
| Number of insight results | Each supported Region: 100 | No | The maximum number of aggregated results returned for the GetInsightsResults API operation. |
| Security Hub finding retention time | Each supported Region: 90 | No | The maximum number of days a Security Hub finding is saved. This is 90 days after the most recent update or 90 days after the creation date if no update occurs. |
For more information about Security Hub quotas, see Quotas in the AWS Security Hub User Guide.
