AWS Security ChangesHomeSearch

AWS securityhub documentation change

Service: securityhub · 2025-11-22 · Documentation low

File: securityhub/latest/userguide/exposure-findings-supported-traits.md

Summary

Added 'Assumability' trait for IAM permissions and reformatted existing traits

Security assessment

The change adds documentation for a new security trait ('Assumability') related to IAM permissions but doesn't address a specific vulnerability. It enhances security awareness by documenting exposure types.

Diff

diff --git a/securityhub/latest/userguide/exposure-findings-supported-traits.md b/securityhub/latest/userguide/exposure-findings-supported-traits.md
index cb563da83..7811b0ca3 100644
--- a//securityhub/latest/userguide/exposure-findings-supported-traits.md
+++ b//securityhub/latest/userguide/exposure-findings-supported-traits.md
@@ -15,4 +15,5 @@ Trait type | Description | Source | Impacted resources
-Misconfiguration  |  Indicates a misconfigured resource.  |  Security Hub CSPM control findings and information about resource confirmation in AWS Config.  |  All resource types.   
-Reachability  |  Indicates open network paths to a resource.  |  Security Hub CSPM control findings and Amazon Inspector network reachability findings.  |  Amazon EC2 instances   
-Sensitive Data  |  Indicates that a resource contains sensitive data.  |  Macie sensitive data findings.  |  Amazon S3 buckets  
-Vulnerability |  Indicates that a resource is exposed to Common Vulnerabilities and Exposure (CVEs).  |  Amazon Inspector package vulnerability findings.  |  Amazon EC2 instances, Amazon ECS services, Amazon EKS clusters, and Lambda functions   
+Assumability  |  Indicates a resource with vended AWS Identity and Access Management permissions  |  Resource configuration from AWS Config  |  AWS resources with associated AWS Identity and Access Management roles   
+Misconfiguration  |  Indicates a misconfigured resource  |  Security Hub CSPM control findings  |  All resource types   
+Reachability  |  Indicates open network paths to a resource  |  Security Hub CSPM control findings and Amazon Inspector network reachability findings  |  Amazon EC2 instances   
+Sensitive Data  |  Indicates that a resource contains sensitive data  |  Macie sensitive data findings  |  Amazon S3 buckets  
+Vulnerability |  Indicates that a resource is exposed to Common Vulnerabilities and Exposure (CVEs)  |  Amazon Inspector package vulnerability findings  |  Amazon EC2 instances, Amazon ECS services, Amazon EKS clusters, and Lambda functions