AWS config high security documentation change
Summary
Added 'AWS Secret - West' to excluded regions for root account MFA checks
Security assessment
Allows root accounts without hardware MFA in excluded region, increasing account compromise risk
Diff
diff --git a/config/latest/developerguide/root-account-hardware-mfa-enabled.md b/config/latest/developerguide/root-account-hardware-mfa-enabled.md index 875384df2..b64e9d1fe 100644 --- a//config/latest/developerguide/root-account-hardware-mfa-enabled.md +++ b//config/latest/developerguide/root-account-hardware-mfa-enabled.md @@ -29 +29 @@ To avoid unnecessary evaluations, you should only deploy periodic rules that rep -**AWS Region:** All supported AWS regions except China (Beijing), Asia Pacific (Thailand), Middle East (UAE), Asia Pacific (Malaysia), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), China (Ningxia) Region +**AWS Region:** All supported AWS regions except China (Beijing), Asia Pacific (Thailand), Middle East (UAE), AWS Secret - West, Asia Pacific (Malaysia), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), China (Ningxia) Region