AWS organizations documentation change
Summary
Added detailed documentation about attaching Security Hub policies through different methods
Security assessment
The change documents procedures for Security Hub policies (a security feature) but does not indicate any security vulnerability being addressed. It provides operational guidance rather than responding to a security incident.
Diff
diff --git a/organizations/latest/userguide/orgs_policies_attach.md b/organizations/latest/userguide/orgs_policies_attach.md index 89f87dffd..d46fbd820 100644 --- a//organizations/latest/userguide/orgs_policies_attach.md +++ b//organizations/latest/userguide/orgs_policies_attach.md @@ -296,0 +297,37 @@ The list of attached AI services opt-out policies on the **Targets** tab is upda +Security Hub policies + + +You can attach a Security Hub policy by either navigating to the policy or to the root, OU, or account that you want to attach the policy to. + +###### To attach a Security Hub policy by navigating to the root, OU, or account + + 1. Sign in to the [AWS Organizations console](https://console.aws.amazon.com/organizations/v2). You must sign in as an IAM user, assume an IAM role, or sign in as the root user ([not recommended](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials)) in the organization’s management account. + + 2. On the **[AWS accounts](https://console.aws.amazon.com/organizations/v2/home/accounts)** page, navigate to and then choose the name of the root, OU, or account that you want to attach a policy to. You might have to expand OUs (choose the  ) to find the OU or account that you want. + + 3. In the **Policies** tab, in the entry for **Security Hub policies** , choose **Attach**. + + 4. Find the policy that you want and choose **Attach policy**. + +The list of attached Security Hub policies on the **Policies** tab is updated to include the new addition. The policy change takes effect immediately. + + + + +###### To attach a Security Hub policy by navigating to the policy + + 1. Sign in to the [AWS Organizations console](https://console.aws.amazon.com/organizations/v2). You must sign in as an IAM user, assume an IAM role, or sign in as the root user ([not recommended](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials)) in the organization’s management account. + + 2. On the **[Security Hub policies](https://console.aws.amazon.com/organizations/v2/home/policies/securityhub-policy)** page, choose the name of the policy that you want to attach. + + 3. On the **Targets** tab, choose **Attach**. + + 4. Choose the radio button next to the root, OU, or account that you want to attach the policy to. You might have to expand OUs (choose the  ) to find the OU or account that you want. + + 5. Choose **Attach policy**. + +The list of attached Security Hub policies on the **Targets** tab is updated to include the new addition. The policy change takes effect immediately. + + + +