Configuring AWS Organizations integration (optional) - AWS Resilience Hub

If you use AWS Organizations, you can optionally configure the next generation of Resilience Hub to provide centralized governance across your organization. The following is a quick setup summary:

  1. The management account enables trusted access for resiliencehub.amazonaws.com.

  2. Service-Linked Roles (AWSServiceRoleForResilienceHub) are automatically created in all member accounts.

  3. The management account registers a delegated administrator.

  4. The delegated administrator selects a home Region for data aggregation.

Individual service owners in member accounts still create their own invoker roles for their services. The service-linked role (SLR) provides read-only cross-account visibility to the delegated administrator.
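The following added example (not part of the AWS documentation) audits the Organizations-side result of steps 1 and 3: it checks that trusted access is enabled for resiliencehub.amazonaws.com and that the only registered delegated administrator is the account you approved. The function names, the expected account ID, and the sample responses are assumptions constructed for illustration; the sample dictionaries follow the response shapes of the Organizations ListAWSServiceAccessForOrganization and ListDelegatedAdministrators APIs.

```python
SERVICE_PRINCIPAL = "resiliencehub.amazonaws.com"  # service principal named on this page

def audit_org_integration(enabled_principals, delegated_admins, expected_admin_id):
    """Compare Organizations state with the setup summary; return a list of findings.

    enabled_principals: EnabledServicePrincipals entries from ListAWSServiceAccessForOrganization
    delegated_admins:   DelegatedAdministrators entries from ListDelegatedAdministrators
    expected_admin_id:  account ID you approved as delegated administrator (assumption)
    """
    findings = []
    if SERVICE_PRINCIPAL not in {p["ServicePrincipal"] for p in enabled_principals}:
        findings.append(f"trusted access is not enabled for {SERVICE_PRINCIPAL}")
    if not delegated_admins:
        findings.append("no delegated administrator is registered")
    for admin in delegated_admins:
        if admin["Id"] != expected_admin_id:
            # This account gets the cross-account visibility the page describes.
            findings.append(f"unexpected delegated administrator {admin['Id']}")
        elif admin.get("Status") != "ACTIVE":
            findings.append(f"delegated administrator {admin['Id']} has status {admin.get('Status')}")
    return findings

def fetch_state():
    """Live lookup from the management account (needs boto3 and credentials)."""
    import boto3  # imported here so the audit logic above runs offline
    org = boto3.client("organizations")
    access = [p for page in org.get_paginator("list_aws_service_access_for_organization").paginate()
              for p in page["EnabledServicePrincipals"]]
    admins = [a for page in org.get_paginator("list_delegated_administrators")
              .paginate(ServicePrincipal=SERVICE_PRINCIPAL)
              for a in page["DelegatedAdministrators"]]
    return access, admins

# Constructed sample responses (not real accounts), trimmed to the fields used above.
SAMPLE_ACCESS = [{"ServicePrincipal": "config.amazonaws.com"},
                 {"ServicePrincipal": SERVICE_PRINCIPAL}]
SAMPLE_ADMINS = [{"Id": "111122223333", "Status": "ACTIVE"}]

if __name__ == "__main__":
    for finding in audit_org_integration(SAMPLE_ACCESS, SAMPLE_ADMINS, "111122223333") or ["ok"]:
        print(finding)
```

For a live check, pass the two lists returned by fetch_state() instead of the sample data.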

Setting a home Region

If you use AWS Organizations, the delegated administrator selects a home Region where organization-level data is aggregated. The home Region is the AWS Region where all organization-level summary data is collected for centralized reporting and dashboards.

When selecting a home Region, choose a Region that:

  • Is close to your primary operations team.

  • Meets your data residency requirements.

Service summary data (identifiers, compliance scores, status) replicates from all Regions and accounts into the home Region for fast, centralized queries. Full details such as topology, findings, and dependencies remain in their source Regions and are accessed on demand.

For detailed setup instructions, see AWS Organizations integration.