AWS controltower documentation change
Summary
Updated policy description to reference 'Security Hub CSPM' instead of 'Security Hub' and updated standard names.
Security assessment
Policy documentation updated to reflect Security Hub CSPM terminology. The service-linked role's purpose remains unchanged (drift detection). No security flaws are mentioned or patched.
Diff
diff --git a/controltower/latest/userguide/managed-policies-table.md b/controltower/latest/userguide/managed-policies-table.md index 60117c161..3cbe1bbd4 100644 --- a//controltower/latest/userguide/managed-policies-table.md +++ b//controltower/latest/userguide/managed-policies-table.md @@ -26 +26 @@ Change | Description | Date -[AWSControlTowerAccountServiceRolePolicy](./access-control-managing-permissions.html#account-service-role-policy) – A new policy | AWS Control Tower added a new service-linked role that allows AWS Control Tower to create and manage event rules, and based on those rules, to manage drift detection for controls that are related to Security Hub. This change is needed so that customers can view drifted resources in the console, when those resources are related to Security Hub controls that are part of the **Security Hub Service-managed Standard: AWS Control Tower**. | May 22, 2023 +[AWSControlTowerAccountServiceRolePolicy](./access-control-managing-permissions.html#account-service-role-policy) – A new policy | AWS Control Tower added a new service-linked role that allows AWS Control Tower to create and manage event rules, and based on those rules, to manage drift detection for controls that are related to Security Hub CSPM. This change is needed so that customers can view drifted resources in the console, when those resources are related to Security Hub CSPM controls that are part of the **Security Hub CSPM Service-managed Standard: AWS Control Tower**. | May 22, 2023