AWS systems-manager documentation change
Summary
Added note about Security Hub integration bypassing OpsItem quotas and recommendation to limit findings to high severity
Security assessment
The change documents operational considerations for Security Hub integration but does not address a specific security vulnerability. It adds guidance about security feature usage.
Diff
diff --git a/systems-manager/latest/userguide/OpsCenter-applications-that-integrate.md index e7aeab001..d89f1f42b 100644 --- a/systems-manager/latest/userguide/OpsCenter-applications-that-integrate.md +++ b/systems-manager/latest/userguide/OpsCenter-applications-that-integrate.md @@ -195,0 +196,4 @@ If you are logged into a member account when you configure integration, the syst + * OpsItems that are created by an integration with AWS Security Hub are _not_ currently limited by the maximum quota of 500,000 OpsItems per account in a Region. It is therefore possible for Security Hub alerts to create more than 500,000 chargeable OpsItems in each Region in an account. + +For high-production environments, we therefore recommend limiting the scope of Security Hub findings to high severity issues only. +