AWS Security ChangesHomeSearch

AWS systems-manager documentation change

Service: systems-manager · 2025-03-10 · Documentation low

File: systems-manager/latest/userguide/OpsCenter-applications-that-integrate.md

Summary

Added note about Security Hub integration bypassing OpsItem quotas and recommendation to limit findings to high severity

Security assessment

The change documents operational considerations for Security Hub integration but does not address a specific security vulnerability. It adds guidance about security feature usage.

Diff

diff --git a/systems-manager/latest/userguide/OpsCenter-applications-that-integrate.md
index e7aeab001..d89f1f42b 100644
--- a/systems-manager/latest/userguide/OpsCenter-applications-that-integrate.md
+++ b/systems-manager/latest/userguide/OpsCenter-applications-that-integrate.md
@@ -195,0 +196,4 @@ If you are logged into a member account when you configure integration, the syst
+  * OpsItems that are created by an integration with AWS Security Hub are _not_ currently limited by the maximum quota of 500,000 OpsItems per account in a Region. It is therefore possible for Security Hub alerts to create more than 500,000 chargeable OpsItems in each Region in an account.
+
+For high-production environments, we therefore recommend limiting the scope of Security Hub findings to high severity issues only.
+