AWS securityhub documentation change
Summary
Modified requiredTagKeys parameter to specify 6-item maximum for Elasticsearch controls
Security assessment
Change adds operational parameter limits without evidence of security impact. Tag enforcement is a governance measure.
Diff
diff --git a/securityhub/latest/userguide/es-controls.md b/securityhub/latest/userguide/es-controls.md index 4d4fab8fa..4c6c40fed 100644 --- a//securityhub/latest/userguide/es-controls.md +++ b//securityhub/latest/userguide/es-controls.md @@ -271 +271 @@ Parameter | Description | Type | Allowed custom values | Security Hub default va -`requiredTagKeys` | List of non-system tag keys that the evaluated resource must contain. Tag keys are case sensitive. | StringList | List of tags that meet [AWS requirements](https://docs.aws.amazon.com/tag-editor/latest/userguide/tagging.html#tag-conventions) | `No default value` +`requiredTagKeys` | List of non-system tag keys that the evaluated resource must contain. Tag keys are case sensitive. | StringList (maximum of 6 items) | 1–6 tag keys that meet [AWS requirements](https://docs.aws.amazon.com/tag-editor/latest/userguide/tagging.html#tag-conventions). | `No default value`