AWS Security ChangesHomeSearch

AWS prescriptive-guidance documentation change

Service: prescriptive-guidance · 2025-12-10 · Documentation low

File: prescriptive-guidance/latest/patterns/detect-rds-instances-expiring-certificates.md

Summary

Updated documentation to replace 'Security Hub' with 'Security Hub CSPM' throughout the document, including console references and service descriptions.

Security assessment

The changes consistently replace 'Security Hub' with 'Security Hub CSPM', indicating a rebranding or feature refinement of AWS's security posture management capabilities. While this updates documentation about security features (CSPM), there's no evidence of addressing a specific vulnerability or security incident. The modifications appear to be terminological updates rather than responses to security issues.

Diff

diff --git a/prescriptive-guidance/latest/patterns/detect-rds-instances-expiring-certificates.md b/prescriptive-guidance/latest/patterns/detect-rds-instances-expiring-certificates.md
index 50a559a41..e807bd2bd 100644
--- a//prescriptive-guidance/latest/patterns/detect-rds-instances-expiring-certificates.md
+++ b//prescriptive-guidance/latest/patterns/detect-rds-instances-expiring-certificates.md
@@ -31 +31 @@ By provisioning the infrastructure as code (IaC) provided in this pattern, you c
-    * (Optional) [Enable](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-settingup.html#securityhub-manual-setup-overview) AWS Security Hub in the target account.
+    * (Optional) [Enable](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-settingup.html#securityhub-manual-setup-overview) AWS Security Hub CSPM in the target account.
@@ -37 +37 @@ By provisioning the infrastructure as code (IaC) provided in this pattern, you c
-    * [Enable](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-settingup.html#securityhub-orgs-setup-overview) Security Hub with AWS Organizations integration.
+    * [Enable](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-settingup.html#securityhub-orgs-setup-overview) Security Hub CSPM with AWS Organizations integration.
@@ -41 +41 @@ By provisioning the infrastructure as code (IaC) provided in this pattern, you c
-    * Designate an AWS account to be the delegated administrator for AWS Config and Security Hub.
+    * Designate an AWS account to be the delegated administrator for AWS Config and Security Hub CSPM.
@@ -48 +48 @@ By provisioning the infrastructure as code (IaC) provided in this pattern, you c
-  * If you're deploying to an individual account that doesn't have Security Hub enabled, you can use AWS Config to evaluate the findings.
+  * If you're deploying to an individual account that doesn't have Security Hub CSPM enabled, you can use AWS Config to evaluate the findings.
@@ -50 +50 @@ By provisioning the infrastructure as code (IaC) provided in this pattern, you c
-  * If you're deploying to an organization that doesn't have a delegated administrator for AWS Config and Security Hub, you must log into the individual member accounts to view the findings.
+  * If you're deploying to an organization that doesn't have a delegated administrator for AWS Config and Security Hub CSPM, you must log into the individual member accounts to view the findings.
@@ -63 +63 @@ By provisioning the infrastructure as code (IaC) provided in this pattern, you c
-The following architecture diagram shows the deployment of the AWS resources within a single AWS account. It's implemented by using a CloudFormation template directly through the CloudFormation console. If Security Hub is enabled, you can view the results in either AWS Config or Security Hub. If Security Hub is not enabled, you can view the results only in the AWS Config console.
+The following architecture diagram shows the deployment of the AWS resources within a single AWS account. It's implemented by using a CloudFormation template directly through the CloudFormation console. If Security Hub CSPM is enabled, you can view the results in either AWS Config or Security Hub CSPM. If Security Hub CSPM is not enabled, you can view the results only in the AWS Config console.
@@ -73 +73 @@ The diagram shows the following steps:
-  3. Security Hub receives all AWS Config findings.
+  3. Security Hub CSPM receives all AWS Config findings.
@@ -75 +75 @@ The diagram shows the following steps:
-  4. You can view the findings in Security Hub or in AWS Config, depending on the account's configuration.
+  4. You can view the findings in Security Hub CSPM or in AWS Config, depending on the account's configuration.
@@ -82 +82 @@ The diagram shows the following steps:
-The following diagram shows the assessment of certificate expiration across multiple accounts that are managed through AWS Organizations and AWS Control Tower. You deploy the CloudFormation template through CfCT. The assessment outcomes are centralized in Security Hub in the delegated administrator account. The AWS CodePipeline workflow depicted in the diagram shows the background steps that occur during CfCT deployment.
+The following diagram shows the assessment of certificate expiration across multiple accounts that are managed through AWS Organizations and AWS Control Tower. You deploy the CloudFormation template through CfCT. The assessment outcomes are centralized in Security Hub CSPM in the delegated administrator account. The AWS CodePipeline workflow depicted in the diagram shows the background steps that occur during CfCT deployment.
@@ -96 +96 @@ The diagram shows the following steps:
-  5. AWS Config forwards all findings to Security Hub.
+  5. AWS Config forwards all findings to Security Hub CSPM.
@@ -98 +98 @@ The diagram shows the following steps:
-  6. Security Hub findings are aggregated in the delegated administrator account.
+  6. Security Hub CSPM findings are aggregated in the delegated administrator account.
@@ -100 +100 @@ The diagram shows the following steps:
-  7. You can view the findings in Security Hub in the delegated administrator account.
+  7. You can view the findings in Security Hub CSPM in the delegated administrator account.
@@ -119 +119 @@ The diagram shows the following steps:
-  * [AWS Security Hub](https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html) provides a comprehensive view of your security state in AWS. It also helps you check your AWS environment against security industry standards and best practices.
+  * [AWS Security Hub CSPM](https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html) provides a comprehensive view of your security state in AWS. It also helps you check your AWS environment against security industry standards and best practices.
@@ -186 +186 @@ Task| Description| Skills required
-View the AWS Config rule findings.| In Security Hub, do the following to view a list of individual findings:
+View the AWS Config rule findings.| In Security Hub CSPM, do the following to view a list of individual findings:
@@ -188 +188 @@ View the AWS Config rule findings.| In Security Hub, do the following to view a
-  1. Open the [Security Hub console](https://console.aws.amazon.com/securityhub/).
+  1. Open the [Security Hub CSPM console](https://console.aws.amazon.com/securityhub/).
@@ -195 +195 @@ View the AWS Config rule findings.| In Security Hub, do the following to view a
-In Security Hub, do the following to view a list of total findings grouped by AWS account:
+In Security Hub CSPM, do the following to view a list of total findings grouped by AWS account:
@@ -197 +197 @@ In Security Hub, do the following to view a list of total findings grouped by AW
-  1. Open the [Security Hub console](https://console.aws.amazon.com/securityhub/).
+  1. Open the [Security Hub CSPM console](https://console.aws.amazon.com/securityhub/).