AWS Security ChangesHomeSearch

AWS IAM documentation change

Service: IAM · 2025-12-10 · Documentation low

File: IAM/latest/UserGuide/access-analyzer-securityhub-integration.md

Summary

Updated all references from 'Security Hub' to 'Security Hub CSPM' to reflect integration with Cloud Security Posture Management (CSPM) component

Security assessment

The changes update terminology to specify CSPM integration but do not address a specific security vulnerability or weakness. This appears to be a documentation refinement to clarify the service's relationship with Security Hub's CSPM capabilities rather than a response to a security incident.

Diff

diff --git a/IAM/latest/UserGuide/access-analyzer-securityhub-integration.md b/IAM/latest/UserGuide/access-analyzer-securityhub-integration.md
index 0e203bbbe..10f8c10b0 100644
--- a//IAM/latest/UserGuide/access-analyzer-securityhub-integration.md
+++ b//IAM/latest/UserGuide/access-analyzer-securityhub-integration.md
@@ -5 +5 @@
-How IAM Access Analyzer sends findings to Security HubViewing IAM Access Analyzer findings in Security HubTypical findings from IAM Access AnalyzerEnabling and configuring the integrationHow to stop sending findings
+How IAM Access Analyzer sends findings to Security Hub CSPMViewing IAM Access Analyzer findings in Security Hub CSPMTypical findings from IAM Access AnalyzerEnabling and configuring the integrationHow to stop sending findings
@@ -7 +7 @@ How IAM Access Analyzer sends findings to Security HubViewing IAM Access Analyze
-# Integrate IAM Access Analyzer with AWS Security Hub
+# Integrate IAM Access Analyzer with AWS Security Hub CSPM
@@ -9 +9 @@ How IAM Access Analyzer sends findings to Security HubViewing IAM Access Analyze
-[AWS Security Hub](https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html) provides a comprehensive view of your security state across AWS. It helps you assess your environment against security industry standards and best practices. Security Hub collects security data from across AWS accounts, services, and supported third-party partner products. It then analyzes your security trends and identify the highest priority security issues.
+[AWS Security Hub CSPM](https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html) provides a comprehensive view of your security state across AWS. It helps you assess your environment against security industry standards and best practices. Security Hub CSPM collects security data from across AWS accounts, services, and supported third-party partner products. It then analyzes your security trends and identify the highest priority security issues.
@@ -11 +11 @@ How IAM Access Analyzer sends findings to Security HubViewing IAM Access Analyze
-When you integrate IAM Access Analyzer with Security Hub, you can send findings from IAM Access Analyzer to Security Hub. Security Hub can then include those findings in its analysis of your overall security posture.
+When you integrate IAM Access Analyzer with Security Hub CSPM, you can send findings from IAM Access Analyzer to Security Hub CSPM. Security Hub CSPM can then include those findings in its analysis of your overall security posture.
@@ -15 +15 @@ When you integrate IAM Access Analyzer with Security Hub, you can send findings
-  * [How IAM Access Analyzer sends findings to Security Hub](./access-analyzer-securityhub-integration.html#access-analyzer-securityhub-integration-sending-findings)
+  * [How IAM Access Analyzer sends findings to Security Hub CSPM](./access-analyzer-securityhub-integration.html#access-analyzer-securityhub-integration-sending-findings)
@@ -21 +21 @@ When you integrate IAM Access Analyzer with Security Hub, you can send findings
-    * [Retrying when Security Hub is not available](./access-analyzer-securityhub-integration.html#access-analyzer-securityhub-integration-retry-send)
+    * [Retrying when Security Hub CSPM is not available](./access-analyzer-securityhub-integration.html#access-analyzer-securityhub-integration-retry-send)
@@ -23 +23 @@ When you integrate IAM Access Analyzer with Security Hub, you can send findings
-    * [Updating existing findings in Security Hub](./access-analyzer-securityhub-integration.html#access-analyzer-securityhub-integration-finding-updates)
+    * [Updating existing findings in Security Hub CSPM](./access-analyzer-securityhub-integration.html#access-analyzer-securityhub-integration-finding-updates)
@@ -25 +25 @@ When you integrate IAM Access Analyzer with Security Hub, you can send findings
-  * [Viewing IAM Access Analyzer findings in Security Hub](./access-analyzer-securityhub-integration.html#access-analyzer-securityhub-integration-viewing-findings)
+  * [Viewing IAM Access Analyzer findings in Security Hub CSPM](./access-analyzer-securityhub-integration.html#access-analyzer-securityhub-integration-viewing-findings)
@@ -27 +27 @@ When you integrate IAM Access Analyzer with Security Hub, you can send findings
-    * [Interpreting IAM Access Analyzer finding names in Security Hub](./access-analyzer-securityhub-integration.html#access-analyzer-securityhub-integration-intrepreting-finding-names)
+    * [Interpreting IAM Access Analyzer finding names in Security Hub CSPM](./access-analyzer-securityhub-integration.html#access-analyzer-securityhub-integration-intrepreting-finding-names)
@@ -38 +38 @@ When you integrate IAM Access Analyzer with Security Hub, you can send findings
-## How IAM Access Analyzer sends findings to Security Hub
+## How IAM Access Analyzer sends findings to Security Hub CSPM
@@ -40 +40 @@ When you integrate IAM Access Analyzer with Security Hub, you can send findings
-In Security Hub, security issues are tracked as findings. Some findings come from issues that are detected by other AWS services or by third-party partners. Security Hub also has a set of rules that it uses to detect security issues and generate findings.
+In Security Hub CSPM, security issues are tracked as findings. Some findings come from issues that are detected by other AWS services or by third-party partners. Security Hub CSPM also has a set of rules that it uses to detect security issues and generate findings.
@@ -42 +42 @@ In Security Hub, security issues are tracked as findings. Some findings come fro
-Security Hub provides tools to manage findings from across all of these sources. You can view and filter lists of findings and view detailed information about each finding. For more information, see [Viewing findings](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-viewing.html) in the _AWS Security Hub User Guide_. You can also track the status of investigations into findings. For more information, see [Taking action on findings](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-taking-action.html) in the _AWS Security Hub User Guide_.
+Security Hub CSPM provides tools to manage findings from across all of these sources. You can view and filter lists of findings and view detailed information about each finding. For more information, see [Viewing findings](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-viewing.html) in the _AWS Security Hub CSPM User Guide_. You can also track the status of investigations into findings. For more information, see [Taking action on findings](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-taking-action.html) in the _AWS Security Hub CSPM User Guide_.
@@ -44 +44 @@ Security Hub provides tools to manage findings from across all of these sources.
-All findings in Security Hub use a standard JSON format called the AWS Security Finding Format (ASFF). The ASFF includes details about the source of the issue, the affected resources, and the current status of the finding. For more information, see [AWS Security Finding Format (ASFF)](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html) in the _AWS Security Hub User Guide_.
+All findings in Security Hub CSPM use a standard JSON format called the AWS Security Finding Format (ASFF). The ASFF includes details about the source of the issue, the affected resources, and the current status of the finding. For more information, see [AWS Security Finding Format (ASFF)](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html) in the _AWS Security Hub CSPM User Guide_.
@@ -46 +46 @@ All findings in Security Hub use a standard JSON format called the AWS Security
-AWS Identity and Access Management Access Analyzer is one of the AWS services that sends findings to Security Hub. For unused access, IAM Access Analyzer detects unused access granted to IAM users or roles and generates a finding for each of them. IAM Access Analyzer then sends these findings to Security Hub.
+AWS Identity and Access Management Access Analyzer is one of the AWS services that sends findings to Security Hub CSPM. For unused access, IAM Access Analyzer detects unused access granted to IAM users or roles and generates a finding for each of them. IAM Access Analyzer then sends these findings to Security Hub CSPM.
@@ -48 +48 @@ AWS Identity and Access Management Access Analyzer is one of the AWS services th
-For external access, IAM Access Analyzer detects policy statements that allow public access or cross-account access to external principals on [supported resources](./access-analyzer-resources.html) in your organization or account. IAM Access Analyzer generates a finding for public access and sends it to Security Hub. For cross-account access, IAM Access Analyzer sends a single finding for one external principal at a time to Security Hub. If there are multiple cross-account findings in IAM Access Analyzer, you must resolve the Security Hub finding for the single external principal before IAM Access Analyzer provides the next cross-account finding. For a full list of external principals with cross-account access outside the zone of trust for the analyzer, you must view the findings in IAM Access Analyzer. Details about the resource control policy (RCP) are available in the resource detail section.
+For external access, IAM Access Analyzer detects policy statements that allow public access or cross-account access to external principals on [supported resources](./access-analyzer-resources.html) in your organization or account. IAM Access Analyzer generates a finding for public access and sends it to Security Hub CSPM. For cross-account access, IAM Access Analyzer sends a single finding for one external principal at a time to Security Hub CSPM. If there are multiple cross-account findings in IAM Access Analyzer, you must resolve the Security Hub CSPM finding for the single external principal before IAM Access Analyzer provides the next cross-account finding. For a full list of external principals with cross-account access outside the zone of trust for the analyzer, you must view the findings in IAM Access Analyzer. Details about the resource control policy (RCP) are available in the resource detail section.
@@ -52 +52 @@ For external access, IAM Access Analyzer detects policy statements that allow pu
-IAM Access Analyzer sends the findings to Security Hub using the [AWS Security Finding Format (ASFF)](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html). In ASFF, the `Types` field provides the finding type. Findings from IAM Access Analyzer can have the following values for `Types`.
+IAM Access Analyzer sends the findings to Security Hub CSPM using the [AWS Security Finding Format (ASFF)](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html). In ASFF, the `Types` field provides the finding type. Findings from IAM Access Analyzer can have the following values for `Types`.
@@ -71 +71 @@ IAM Access Analyzer sends the findings to Security Hub using the [AWS Security F
-When IAM Access Analyzer creates a new finding, it is usually sent to Security Hub within 30 minutes. However, there are rare cases when IAM Access Analyzer may not be notified about a policy change. For example:
+When IAM Access Analyzer creates a new finding, it is usually sent to Security Hub CSPM within 30 minutes. However, there are rare cases when IAM Access Analyzer may not be notified about a policy change. For example:
@@ -84 +84 @@ In these situations, IAM Access Analyzer analyzes the new or updated policy duri
-### Retrying when Security Hub is not available
+### Retrying when Security Hub CSPM is not available
@@ -86 +86 @@ In these situations, IAM Access Analyzer analyzes the new or updated policy duri
-If Security Hub is not available, IAM Access Analyzer retries sending the findings on a periodic basis.
+If Security Hub CSPM is not available, IAM Access Analyzer retries sending the findings on a periodic basis.
@@ -88 +88 @@ If Security Hub is not available, IAM Access Analyzer retries sending the findin
-### Updating existing findings in Security Hub
+### Updating existing findings in Security Hub CSPM
@@ -90 +90 @@ If Security Hub is not available, IAM Access Analyzer retries sending the findin
-After sending a finding to Security Hub, IAM Access Analyzer continues to send updates to reflect any additional observations of the finding activity to Security Hub. These updates are reflected within the same finding.
+After sending a finding to Security Hub CSPM, IAM Access Analyzer continues to send updates to reflect any additional observations of the finding activity to Security Hub CSPM. These updates are reflected within the same finding.
@@ -92 +92 @@ After sending a finding to Security Hub, IAM Access Analyzer continues to send u
-For external access findings IAM Access Analyzer groups them per resource. In Security Hub, the finding for a resource remains active if at least one of the findings for that resource is active in IAM Access Analyzer. If all findings in IAM Access Analyzer for a resource are archived or resolved, then the Security Hub finding is also archived. The Security Hub finding is updated when the policy access changes between public and cross-account access. This update can include changes to the type, title, description, and severity of the finding.
+For external access findings IAM Access Analyzer groups them per resource. In Security Hub CSPM, the finding for a resource remains active if at least one of the findings for that resource is active in IAM Access Analyzer. If all findings in IAM Access Analyzer for a resource are archived or resolved, then the Security Hub CSPM finding is also archived. The Security Hub CSPM finding is updated when the policy access changes between public and cross-account access. This update can include changes to the type, title, description, and severity of the finding.
@@ -94 +94 @@ For external access findings IAM Access Analyzer groups them per resource. In Se
-For unused access findings, IAM Access Analyzer does not group them by resource. Instead, if an unused access finding is resolved in IAM Access Analyzer, then the corresponding Security Hub finding is also resolved. The Security Hub finding is updated when you update the IAM user or role that generated the unused access finding.
+For unused access findings, IAM Access Analyzer does not group them by resource. Instead, if an unused access finding is resolved in IAM Access Analyzer, then the corresponding Security Hub CSPM finding is also resolved. The Security Hub CSPM finding is updated when you update the IAM user or role that generated the unused access finding.
@@ -96 +96 @@ For unused access findings, IAM Access Analyzer does not group them by resource.
-## Viewing IAM Access Analyzer findings in Security Hub
+## Viewing IAM Access Analyzer findings in Security Hub CSPM
@@ -98 +98 @@ For unused access findings, IAM Access Analyzer does not group them by resource.
-To view your IAM Access Analyzer findings in Security Hub, choose **See findings** in the **AWS: IAM Access Analyzer** section of the summary page. Alternatively, you can choose **Findings** from the navigation panel. You can then filter the findings to display only AWS Identity and Access Management Access Analyzer findings by choosing the **Product name:** field with a value of `IAM Access Analyzer`.
+To view your IAM Access Analyzer findings in Security Hub CSPM, choose **See findings** in the **AWS: IAM Access Analyzer** section of the summary page. Alternatively, you can choose **Findings** from the navigation panel. You can then filter the findings to display only AWS Identity and Access Management Access Analyzer findings by choosing the **Product name:** field with a value of `IAM Access Analyzer`.
@@ -100 +100 @@ To view your IAM Access Analyzer findings in Security Hub, choose **See findings
-### Interpreting IAM Access Analyzer finding names in Security Hub
+### Interpreting IAM Access Analyzer finding names in Security Hub CSPM
@@ -102 +102 @@ To view your IAM Access Analyzer findings in Security Hub, choose **See findings
-AWS Identity and Access Management Access Analyzer sends the findings to Security Hub using the AWS Security Finding Format (ASFF). In ASFF, the **Types** field provides the finding type. ASFF types use a different naming scheme than AWS Identity and Access Management Access Analyzer. The following table includes details about all of the ASFF types associated with AWS Identity and Access Management Access Analyzer findings as they appear in Security Hub.
+AWS Identity and Access Management Access Analyzer sends the findings to Security Hub CSPM using the AWS Security Finding Format (ASFF). In ASFF, the **Types** field provides the finding type. ASFF types use a different naming scheme than AWS Identity and Access Management Access Analyzer. The following table includes details about all of the ASFF types associated with AWS Identity and Access Management Access Analyzer findings as they appear in Security Hub CSPM.
@@ -104 +104 @@ AWS Identity and Access Management Access Analyzer sends the findings to Securit
-ASFF finding type | Security Hub finding title | Description  
+ASFF finding type | Security Hub CSPM finding title | Description  
@@ -115 +115 @@ Software and Configuration Checks/AWS Security Best Practices/Unused IAM User Ac
-IAM Access Analyzer sends findings to Security Hub using the [AWS Security Finding Format (ASFF)](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html).
+IAM Access Analyzer sends findings to Security Hub CSPM using the [AWS Security Finding Format (ASFF)](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html).
@@ -226 +226 @@ Here is an example of a typical finding from IAM Access Analyzer for unused acce
-To use the integration with Security Hub, you must enable Security Hub. For information on how to enable Security Hub, see [Setting up Security Hub](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-settingup.html) in the _AWS Security Hub User Guide_.
+To use the integration with Security Hub CSPM, you must enable Security Hub CSPM. For information on how to enable Security Hub CSPM, see [Setting up Security Hub](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-settingup.html) in the _AWS Security Hub CSPM User Guide_.
@@ -228 +228 @@ To use the integration with Security Hub, you must enable Security Hub. For info
-When you enable both IAM Access Analyzer and Security Hub, the integration is enabled automatically. IAM Access Analyzer immediately begins to send findings to Security Hub.
+When you enable both IAM Access Analyzer and Security Hub CSPM, the integration is enabled automatically. IAM Access Analyzer immediately begins to send findings to Security Hub CSPM.
@@ -232 +232 @@ When you enable both IAM Access Analyzer and Security Hub, the integration is en
-To stop sending findings to Security Hub, you can use either the Security Hub console or the API.
+To stop sending findings to Security Hub CSPM, you can use either the Security Hub CSPM console or the API.
@@ -234 +234 @@ To stop sending findings to Security Hub, you can use either the Security Hub co
-See [Disabling and enabling the flow of findings from an integration (console)](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-integrations-managing.html#securityhub-integration-findings-flow-console) or [Disabling the flow of findings from an integration (Security Hub API, AWS CLI)](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-integrations-managing.html#securityhub-integration-findings-flow-disable-api) in the _AWS Security Hub User Guide_.
+See [Disabling and enabling the flow of findings from an integration (console)](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-integrations-managing.html#securityhub-integration-findings-flow-console) or [Disabling the flow of findings from an integration (Security Hub API, AWS CLI)](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-integrations-managing.html#securityhub-integration-findings-flow-disable-api) in the _AWS Security Hub CSPM User Guide_.