AWS Security ChangesHomeSearch

AWS prescriptive-guidance documentation change

Service: prescriptive-guidance · 2025-12-10 · Documentation low

File: prescriptive-guidance/latest/terraform-aws-provider-best-practices/security.md

Summary

Updated references from 'AWS Security Hub' to 'AWS Security Hub CSPM' in two sections discussing security monitoring and scanning tools.

Security assessment

The change clarifies the use of CSPM (Cloud Security Posture Management) capabilities within Security Hub but doesn't address a specific vulnerability. It enhances documentation of AWS security features by specifying the CSPM component.

Diff

diff --git a/prescriptive-guidance/latest/terraform-aws-provider-best-practices/security.md b/prescriptive-guidance/latest/terraform-aws-provider-best-practices/security.md
index cb212bebc..210e7c7a3 100644
--- a//prescriptive-guidance/latest/terraform-aws-provider-best-practices/security.md
+++ b//prescriptive-guidance/latest/terraform-aws-provider-best-practices/security.md
@@ -192 +192 @@ AWS provides several services and features that you can use to set up alerts and
-  * [AWS Security Hub](https://aws.amazon.com/security-hub/): Security Hub provides a comprehensive view of your AWS account's security posture and can help detect and notify you about potential security issues, including unused or inactive IAM access keys. Security Hub can integrate with Amazon EventBridge and Amazon SNS or Amazon Q Developer in chat applications to send notifications to administrators.
+  * [AWS Security Hub CSPM](https://aws.amazon.com/security-hub/): Security Hub CSPM provides a comprehensive view of your AWS account's security posture and can help detect and notify you about potential security issues, including unused or inactive IAM access keys. Security Hub CSPM can integrate with Amazon EventBridge and Amazon SNS or Amazon Q Developer in chat applications to send notifications to administrators.
@@ -240 +240 @@ Proactively scan both infrastructure and source code continuously for risks such
-Use AWS native tools such as [Amazon Inspector](https://aws.amazon.com/inspector/), [AWS Security Hub](https://aws.amazon.com/security-hub/), [Amazon Detective](https://aws.amazon.com/detective/), and [Amazon GuardDuty](https://aws.amazon.com/guardduty/) to monitor provisioned infrastructure across accounts and Regions. Schedule recurring scans in Security Hub to track deployment and configuration drift. Scan EC2 instances, Lambda functions, containers, S3 buckets, and other resources.
+Use AWS native tools such as [Amazon Inspector](https://aws.amazon.com/inspector/), [AWS Security Hub CSPM](https://aws.amazon.com/security-hub/), [Amazon Detective](https://aws.amazon.com/detective/), and [Amazon GuardDuty](https://aws.amazon.com/guardduty/) to monitor provisioned infrastructure across accounts and Regions. Schedule recurring scans in Security Hub CSPM to track deployment and configuration drift. Scan EC2 instances, Lambda functions, containers, S3 buckets, and other resources.