For checking this, follow the below steps:
- Your AWS account needs to have connector permissions (AWS-SD-Connector-Role) to target aws account
- Assume role using the target account ARN (Amazon Resource Name) and get the temporary session credentials of a target account.
- Now using the temporary session credentials get the security-hub object of a target account and check which all product subscriptions are enabled in it.