AWS Security ChangesHomeSearch

AWS controltower documentation change

Service: controltower · 2025-12-10 · Documentation low

File: controltower/latest/controlreference/opensearch-rules.md

Summary

Updated recommendation source from 'Security Hub' to 'Security Hub CSPM' regarding VPC configuration for Elasticsearch domains

Security assessment

The modification only changes the referencing service name while maintaining existing security advice about VPC usage. No new security guidance or vulnerability mitigation is introduced.

Diff

diff --git a/controltower/latest/controlreference/opensearch-rules.md b/controltower/latest/controlreference/opensearch-rules.md
index 5fd9fb72a..ba2d98f88 100644
--- a//controltower/latest/controlreference/opensearch-rules.md
+++ b//controltower/latest/controlreference/opensearch-rules.md
@@ -353 +353 @@ This control checks whether Elasticsearch domains are configured with VPC option
-Elasticsearch domains deployed within a VPC can communicate with VPC resources over the private AWS network, without the need to traverse the public internet. This configuration increases the security posture by limiting access to the data in transit. VPCs provide a number of network controls that help create secure access to Elasticsearch domains, including network ACLs and security groups. Security Hub recommends that you migrate public Elasticsearch domains to VPCs to take advantage of these controls.
+Elasticsearch domains deployed within a VPC can communicate with VPC resources over the private AWS network, without the need to traverse the public internet. This configuration increases the security posture by limiting access to the data in transit. VPCs provide a number of network controls that help create secure access to Elasticsearch domains, including network ACLs and security groups. Security Hub CSPM recommends that you migrate public Elasticsearch domains to VPCs to take advantage of these controls.