AWS Security Hub now supports Amazon Virtual Private Cloud (VPC) endpoints via AWS PrivateLink so that you can securely initiate API calls to Security Hub from within your VPC without requiring those calls to traverse across the Internet. AWS PrivateLink support for Security Hub is now available in all AWS Regions where Security Hub is available. To try the new feature, you can go to the VPC console, API, or SDK to create a VPC endpoint for Security Hub in your VPC. This creates an elastic network interface in your specified subnets. The interface has a private IP address that serves as an entry point for traffic that is destined for Security Hub. You can read more about Security Hub’s integration with PrivateLink here.
Source:: Amazon AWS