AWS Security ChangesHomeSearch

AWS config high security documentation change

Service: config · 2025-10-22 · Security-related high

File: config/latest/developerguide/root-account-hardware-mfa-enabled.md

Summary

Added 'AWS Secret - West' to excluded regions for root account MFA checks

Security assessment

Allows root accounts without hardware MFA in excluded region, increasing account compromise risk

Diff

diff --git a/config/latest/developerguide/root-account-hardware-mfa-enabled.md b/config/latest/developerguide/root-account-hardware-mfa-enabled.md
index 875384df2..b64e9d1fe 100644
--- a//config/latest/developerguide/root-account-hardware-mfa-enabled.md
+++ b//config/latest/developerguide/root-account-hardware-mfa-enabled.md
@@ -29 +29 @@ To avoid unnecessary evaluations, you should only deploy periodic rules that rep
-**AWS Region:** All supported AWS regions except China (Beijing), Asia Pacific (Thailand), Middle East (UAE), Asia Pacific (Malaysia), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), China (Ningxia) Region
+**AWS Region:** All supported AWS regions except China (Beijing), Asia Pacific (Thailand), Middle East (UAE), AWS Secret - West, Asia Pacific (Malaysia), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), China (Ningxia) Region