AWS controltower documentation change
Summary
Updated recommendation source from 'Security Hub' to 'Security Hub CSPM' regarding VPC configuration for Elasticsearch domains
Security assessment
The modification only changes the referencing service name while maintaining existing security advice about VPC usage. No new security guidance or vulnerability mitigation is introduced.
Diff
diff --git a/controltower/latest/controlreference/opensearch-rules.md b/controltower/latest/controlreference/opensearch-rules.md index 5fd9fb72a..ba2d98f88 100644 --- a//controltower/latest/controlreference/opensearch-rules.md +++ b//controltower/latest/controlreference/opensearch-rules.md @@ -353 +353 @@ This control checks whether Elasticsearch domains are configured with VPC option -Elasticsearch domains deployed within a VPC can communicate with VPC resources over the private AWS network, without the need to traverse the public internet. This configuration increases the security posture by limiting access to the data in transit. VPCs provide a number of network controls that help create secure access to Elasticsearch domains, including network ACLs and security groups. Security Hub recommends that you migrate public Elasticsearch domains to VPCs to take advantage of these controls. +Elasticsearch domains deployed within a VPC can communicate with VPC resources over the private AWS network, without the need to traverse the public internet. This configuration increases the security posture by limiting access to the data in transit. VPCs provide a number of network controls that help create secure access to Elasticsearch domains, including network ACLs and security groups. Security Hub CSPM recommends that you migrate public Elasticsearch domains to VPCs to take advantage of these controls.