
AWS Config can be optimized for Security Hub by recording only the approximately 60 resource types needed for Security Hub controls instead of the default 300+, reducing costs and data storage while maintaining continuous security compliance checks.


<div><p>This article explains how to optimize AWS Config for AWS Security Hub to reduce costs and data volume while maintaining security posture management.</p><ul><li>Security Hub performs continuous security checks via AWS Config integration for ~60 resource types</li><li>Default AWS Config records 300+ resource types; optimization records only Security Hub requirements</li><li>CloudFormation template available on GitHub for optimized AWS Config setup</li><li>Optimization reduces AWS Config costs and data produced, stored, and analyzed</li><li>Template supports all AWS Regions with periodic updates for new Security Hub controls</li><li>Customization options available for additional use cases beyond Security Hub</li><li>Config.1 control may fail if not recording all resources; can be disabled or suppressed</li></ul><p>Organizations using AWS Config solely for Security Hub can significantly reduce costs by recording only necessary resource types using the provided CloudFormation template.</p></div>


Related articles