AWS Security ChangesHomeSearch

AWS securityhub documentation change

Service: securityhub · 2025-12-10 · Documentation low

File: securityhub/latest/userguide/security_iam_id-based-policy-examples.md

Summary

Renamed 'Security Hub' to 'Security Hub CSPM' throughout the documentation, updated references to console, resources, and administrator roles to reflect CSPM branding

Security assessment

The changes are purely branding/nomenclature updates replacing 'Security Hub' with 'Security Hub CSPM'. There is no evidence of security vulnerability fixes, policy modifications, or new security guidance. The IAM policy examples remain functionally identical except for naming consistency.

Diff

diff --git a/securityhub/latest/userguide/security_iam_id-based-policy-examples.md b/securityhub/latest/userguide/security_iam_id-based-policy-examples.md
index 0661a35c9..0ec027571 100644
--- a//securityhub/latest/userguide/security_iam_id-based-policy-examples.md
+++ b//securityhub/latest/userguide/security_iam_id-based-policy-examples.md
@@ -5 +5 @@
-Policy best practicesUsing the Security Hub consoleExample: Allow users to view their own permissionsExample: Allow users to create and manage a configuration policyExample: Allow users to view findingsExample: Allow users to create and manage automation rules
+Policy best practicesUsing the Security Hub CSPM consoleExample: Allow users to view their own permissionsExample: Allow users to create and manage a configuration policyExample: Allow users to view findingsExample: Allow users to create and manage automation rules
@@ -7 +7 @@ Policy best practicesUsing the Security Hub consoleExample: Allow users to view
-# Identity-based policy examples for AWS Security Hub
+# Identity-based policy examples for AWS Security Hub CSPM
@@ -9 +9 @@ Policy best practicesUsing the Security Hub consoleExample: Allow users to view
-By default, users and roles don't have permission to create or modify Security Hub resources. They also can't perform tasks using the AWS Management Console, AWS CLI, or AWS API. An administrator must create IAM policies that grant users and roles permission to perform specific API operations on the specified resources they need. The administrator must then attach those policies to the users or groups that require those permissions.
+By default, users and roles don't have permission to create or modify Security Hub CSPM resources. They also can't perform tasks using the AWS Management Console, AWS CLI, or AWS API. An administrator must create IAM policies that grant users and roles permission to perform specific API operations on the specified resources they need. The administrator must then attach those policies to the users or groups that require those permissions.
@@ -17 +17 @@ To learn how to create an IAM identity-based policy using these example JSON pol
-  * Using the Security Hub console
+  * Using the Security Hub CSPM console
@@ -49 +49 @@ For more information about best practices in IAM, see [Security best practices i
-## Using the Security Hub console
+## Using the Security Hub CSPM console
@@ -51 +51 @@ For more information about best practices in IAM, see [Security best practices i
-To access the AWS Security Hub console, you must have a minimum set of permissions. These permissions must allow you to list and view details about the Security Hub resources in your AWS account. If you create an identity-based policy that is more restrictive than the minimum required permissions, the console won't function as intended for entities (users or roles) with that policy.
+To access the AWS Security Hub CSPM console, you must have a minimum set of permissions. These permissions must allow you to list and view details about the Security Hub CSPM resources in your AWS account. If you create an identity-based policy that is more restrictive than the minimum required permissions, the console won't function as intended for entities (users or roles) with that policy.
@@ -55 +55 @@ You don't need to allow minimum console permissions for users that are making ca
-To ensure that those users and roles can use the Security Hub console, also attach the following AWS managed policy to the entity. For more information, see [Adding permissions to a user](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_change-permissions.html#users_change_permissions-add-console) in the _IAM User Guide_ :
+To ensure that those users and roles can use the Security Hub CSPM console, also attach the following AWS managed policy to the entity. For more information, see [Adding permissions to a user](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_change-permissions.html#users_change_permissions-add-console) in the _IAM User Guide_ :
@@ -126 +126 @@ This example shows how you might create a policy that allows IAM users to view t
-This example shows how you might create an IAM policy that allows a user to create, view, update, and delete configuration policies. This example policy also allows the user to start, stop, and view policy associations. For this IAM policy to work, the user must be the delegated Security Hub administrator for an organization.
+This example shows how you might create an IAM policy that allows a user to create, view, update, and delete configuration policies. This example policy also allows the user to start, stop, and view policy associations. For this IAM policy to work, the user must be the delegated Security Hub CSPM administrator for an organization.
@@ -189 +189 @@ JSON
-This example shows how you might create an IAM policy that allows a user to view Security Hub findings.
+This example shows how you might create an IAM policy that allows a user to view Security Hub CSPM findings.
@@ -215 +215 @@ JSON
-This example shows how you might create an IAM policy that allows a user to create, view, update, and delete Security Hub automation rules. For this IAM policy to work, the user must be a Security Hub administrator. To limit permissions— for example, to allow a user to only view automation rules—you can remove the create, update, and delete permissions.
+This example shows how you might create an IAM policy that allows a user to create, view, update, and delete Security Hub CSPM automation rules. For this IAM policy to work, the user must be a Security Hub CSPM administrator. To limit permissions— for example, to allow a user to only view automation rules—you can remove the create, update, and delete permissions.
@@ -263 +263 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please
-How Security Hub works with IAM
+How Security Hub CSPM works with IAM