AWS, Cloud Computing, Data Analytics

4 Mins Read

Exporting AWS Security Hub Findings using Python script


In today’s digital landscape, security is paramount. With the increasing sophistication of cyber threats, organizations must leverage enhanced security solutions to safeguard their assets. Amazon Web Services (AWS) offers AWS Security Hub, a comprehensive security service that provides a centralized view of your security posture across your AWS accounts. This blog post will guide you through exporting AWS Security Hub findings using a Python script, empowering you to enhance your security operations.


AWS Security Hub helps you examine your security patterns and pinpoint the most important security risks by gathering security data from your AWS accounts, services, and approved third-party products.

As organizations embrace cloud services, effective security measures become crucial. AWS Security Hub acts as a nerve center, aggregating and prioritizing security findings from various AWS services. While AWS Security Hub provides a unified view, exporting findings for further analysis or integration with other tools can be essential. This guide will walk you through the steps to export AWS Security Hub findings using a Python script, providing greater flexibility and control.

Pioneers in Cloud Consulting & Migration Services

  • Reduced infrastructural costs
  • Accelerated application deployment
Get Started

Purpose of AWS Security Hub

  • Unified Security Dashboard: Provides a consolidated view of security and compliance findings from various sources for rapid assessment and response.
  • Automated Threat Detection: Employs automated mechanisms to continuously analyze AWS resources, proactively identifying and prioritizing potential security threats.
  • Prioritization of Findings: Categorizes and prioritizes security issues, allowing security teams to focus on critical issues for swift mitigation.
  • Integration with AWS Services: Seamlessly integrates with AWS security services to enhance security monitoring and analysis depth and breadth.


Before diving into the hands-on steps, ensure you have the following prerequisites in place:

  • AWS Account: Access to an AWS account with sufficient permissions to work with the AWS Security Hub.
  • AWS CLI: Installing and configuring the AWS Command Line Interface (CLI) is necessary to communicate with AWS services.

Architecture Diagram


In this architecture, we use an AWS Lambda function with appropriate AWS IAM roles to fetch AWS Security Hub findings and store them in an Amazon S3 bucket, ensuring secure and automated data management.

Step-by-Step Guide

Step 1: Create an Amazon S3 bucket to store the log, which we will get from the AWS Lambda function.


Step 2: Created a role for the AWS Lambda function with the required permission of the AWS Security Hub and Amazon S3

This role contains:

  • AWSLambdaBasicExecutionRole
  • AmazonS3FullAccess
  • AWSSecurityHubFullAccess


Step 3: Create an AWS Lambda function for the script with the required configurations.


Using the AWS Lambda function, we will extract these findings.


AWS Lambda Function Code

Below is an AWS Lambda function code in Python that exports AWS Security Hub findings to an Amazon S3 bucket:


  • Unified Visibility: AWS Security Hub offers a centralized dashboard for a consolidated view of security findings from diverse AWS services and third-party tools.
  • Automated Threat Detection: AWS Security Hub employs automated mechanisms to continuously analyze AWS resource configurations, proactively identifying and prioritizing potential security threats.
  • Prioritization and Insights: AWS Security Hub categorizes and prioritizes security findings, providing actionable insights into potential impacts on the overall security posture.
  • Integration Capabilities: AWS Security Hub seamlessly integrates with various AWS security services like Amazon GuardDuty, AWS Inspector, and AWS Config, enhancing the depth and breadth of security monitoring.
  • Customization and Automation: AWS Security Hub allows users to create custom insights and automate responses based on predefined rules and playbooks, enabling organizations to tailor security measures efficiently.
  • Compliance Monitoring: AWS Security Hub includes pre-built compliance standards and checks, aiding organizations in assessing adherence to industry-specific regulations and best practices.


AWS Security Hub emerges as a vital ally in safeguarding assets against sophisticated cyber threats in the ever-evolving digital landscape.

This blog has navigated readers through the significance of AWS Security Hub, outlining its diverse functionalities and advantages. The upcoming section will explore a hands-on lab, guiding users step-by-step by exporting AWS Security Hub findings using Python.

Drop a query if you have any questions regarding AWS Security Hub and we will get back to you quickly.

Making IT Networks Enterprise-ready – Cloud Management Services

  • Accelerated cloud migration
  • End-to-end view of the cloud environment
Get Started

About CloudThat

CloudThat is a leading provider of Cloud Training and Consulting services with a global presence in India, the USA, Asia, Europe, and Africa. Specializing in AWS, Microsoft Azure, GCP, VMware, Databricks, and more, the company serves mid-market and enterprise clients, offering comprehensive expertise in Cloud Migration, Data Platforms, DevOps, IoT, AI/ML, and more.

CloudThat is recognized as a top-tier partner with AWS and Microsoft, including the prestigious ‘Think Big’ partner award from AWS and the Microsoft Superstars FY 2023 award in Asia & India. Having trained 650k+ professionals in 500+ cloud certifications and completed 300+ consulting projects globally, CloudThat is an official AWS Advanced Consulting Partner, AWS Training Partner, AWS Migration Partner, AWS Data and Analytics Partner, AWS DevOps Competency Partner, Amazon QuickSight Service Delivery Partner, Amazon EKS Service Delivery Partner, Microsoft Gold Partner, AWS Microsoft Workload Partners, Amazon EC2 Service Delivery Partner, and many more.

To get started, go through our Consultancy page and Managed Services PackageCloudThat’s offerings.


1. Why should I export AWS Security Hub findings?

ANS: – Exporting findings allows for deeper analysis, custom reporting, and integration with other security tools, enhancing your overall security strategy.

2. Can I schedule the Python script for automated exports?

ANS: – Yes, you can leverage AWS Lambda or other scheduling mechanisms to automate the script execution, enabling regular exports of AWS Security Hub findings.

WRITTEN BY Rohit Kumar

Rohit Kumar works as a Research Associate (Infra, Migration, and Security Team) at CloudThat. He is focused on gaining knowledge of the Cloud environment. He has a keen interest in learning and researching emerging technologies.



    Click to Comment

Get The Most Out Of Us

Our support doesn't end here. We have monthly newsletters, study guides, practice questions, and more to assist you in upgrading your cloud career. Subscribe to get them all!