AWS securityhub documentation change
Summary
Updated all references from 'Security Hub' to 'Security Hub CSPM' throughout the document, including section titles, policy examples, and resource descriptions.
Security assessment
The changes are purely branding updates (adding 'CSPM' to Security Hub references) with no evidence of addressing vulnerabilities, weaknesses, or security incidents. No security logic, permissions, or configurations were modified. The content remains IAM documentation but now references a specific CSPM product variant without altering security guidance.
Diff
diff --git a/securityhub/latest/userguide/security_iam_service-with-iam.md b/securityhub/latest/userguide/security_iam_service-with-iam.md index 91d2d2971..9dd78968d 100644 --- a//securityhub/latest/userguide/security_iam_service-with-iam.md +++ b//securityhub/latest/userguide/security_iam_service-with-iam.md @@ -5 +5 @@ -Identity-based policies for Security HubResource-based policiesPolicy actionsPolicy resources for Security HubPolicy condition keysAccess control lists (ACLs) in Security HubAttribute-based access control (ABAC)Temporary credentialsForward access sessionsService rolesService-linked roles +Identity-based policies for Security Hub CSPMResource-based policiesPolicy actionsPolicy resources for Security Hub CSPMPolicy condition keysAccess control lists (ACLs) in Security Hub CSPMAttribute-based access control (ABAC)Temporary credentialsForward access sessionsService rolesService-linked roles @@ -9 +9 @@ Identity-based policies for Security HubResource-based policiesPolicy actionsPol -Before you use AWS Identity and Access Management (IAM) to manage access to AWS Security Hub, learn which IAM features are available to use with Security Hub. +Before you use AWS Identity and Access Management (IAM) to manage access to AWS Security Hub CSPM, learn which IAM features are available to use with Security Hub CSPM. @@ -11 +11 @@ Before you use AWS Identity and Access Management (IAM) to manage access to AWS -IAM features you can use with AWS Security Hub IAM feature | Security Hub support +IAM features you can use with AWS Security Hub CSPM IAM feature | Security Hub CSPM support @@ -25 +25 @@ Service-linked roles | Yes -For a high-level view of how Security Hub and other AWS services work with most IAM features, see [AWS services that work with IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html) in the _IAM User Guide_. +For a high-level view of how Security Hub CSPM and other AWS services work with most IAM features, see [AWS services that work with IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html) in the _IAM User Guide_. @@ -27 +27 @@ For a high-level view of how Security Hub and other AWS services work with most -## Identity-based policies for Security Hub +## Identity-based policies for Security Hub CSPM @@ -35 +35 @@ With IAM identity-based policies, you can specify allowed or denied actions and -Security Hub supports identity-based policies. For more information, see [Identity-based policy examples for AWS Security Hub](./security_iam_id-based-policy-examples.html). +Security Hub CSPM supports identity-based policies. For more information, see [Identity-based policy examples for AWS Security Hub CSPM](./security_iam_id-based-policy-examples.html). @@ -37 +37 @@ Security Hub supports identity-based policies. For more information, see [Identi -## Resource-based policies for Security Hub +## Resource-based policies for Security Hub CSPM @@ -45 +45 @@ To enable cross-account access, you can specify an entire account or IAM entitie -Security Hub does not support resource-based policies. You can't attach an IAM policy directly to a Security Hub resource. +Security Hub CSPM does not support resource-based policies. You can't attach an IAM policy directly to a Security Hub CSPM resource. @@ -47 +47 @@ Security Hub does not support resource-based policies. You can't attach an IAM p -## Policy actions for Security Hub +## Policy actions for Security Hub CSPM @@ -55 +55 @@ The `Action` element of a JSON policy describes the actions that you can use to -Policy actions in Security Hub use the following prefix before the action: +Policy actions in Security Hub CSPM use the following prefix before the action: @@ -60 +60 @@ Policy actions in Security Hub use the following prefix before the action: -For example, to grant a user permission to enable Security Hub, which is an action that corresponds to the `EnableSecurityHub` operation of the Security Hub API, include the `securityhub:EnableSecurityHub` action in their policy. Policy statements must include either an `Action` or `NotAction` element. Security Hub defines its own set of actions that describe tasks that you can perform with this service. +For example, to grant a user permission to enable Security Hub CSPM, which is an action that corresponds to the `EnableSecurityHub` operation of the Security Hub CSPM API, include the `securityhub:EnableSecurityHub` action in their policy. Policy statements must include either an `Action` or `NotAction` element. Security Hub CSPM defines its own set of actions that describe tasks that you can perform with this service. @@ -84 +84 @@ The user must have access to the `UpdateStandardsControls` operation in order to -For a list of Security Hub actions, see [Actions defined by AWS Security Hub](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecurityhub.html#awssecurityhub-actions-as-permissions) in the _Service Authorization Reference_. For examples of policies that specify Security Hub actions, see [Identity-based policy examples for AWS Security Hub](./security_iam_id-based-policy-examples.html). +For a list of Security Hub CSPM actions, see [Actions defined by AWS Security Hub CSPM](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecurityhub.html#awssecurityhub-actions-as-permissions) in the _Service Authorization Reference_. For examples of policies that specify Security Hub CSPM actions, see [Identity-based policy examples for AWS Security Hub CSPM](./security_iam_id-based-policy-examples.html). @@ -86 +86 @@ For a list of Security Hub actions, see [Actions defined by AWS Security Hub](ht -## Policy resources for Security Hub +## Policy resources for Security Hub CSPM @@ -97 +97 @@ The `Resource` JSON policy element specifies the object or objects to which the -Security Hub defines the following resource types: +Security Hub CSPM defines the following resource types: @@ -114 +114 @@ You can specify these types of resources in policies by using ARNs. -For a list of Security Hub resource types and the ARN syntax for each one, see [Resource types defined by AWS Security Hub](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecurityhub.html#awssecurityhub-resources-for-iam-policies) in the _Service Authorization Reference_. To learn which actions you can specify for each type of resource, see [Actions defined by AWS Security Hub](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecurityhub.html#awssecurityhub-actions-as-permissions) in the _Service Authorization Reference_. For examples of policies that specify resources, see [Identity-based policy examples for AWS Security Hub](./security_iam_id-based-policy-examples.html). +For a list of Security Hub CSPM resource types and the ARN syntax for each one, see [Resource types defined by AWS Security Hub CSPM](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecurityhub.html#awssecurityhub-resources-for-iam-policies) in the _Service Authorization Reference_. To learn which actions you can specify for each type of resource, see [Actions defined by AWS Security Hub CSPM](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecurityhub.html#awssecurityhub-actions-as-permissions) in the _Service Authorization Reference_. For examples of policies that specify resources, see [Identity-based policy examples for AWS Security Hub CSPM](./security_iam_id-based-policy-examples.html). @@ -116 +116 @@ For a list of Security Hub resource types and the ARN syntax for each one, see [ -## Policy condition keys for Security Hub +## Policy condition keys for Security Hub CSPM @@ -124 +124 @@ The `Condition` element specifies when statements execute based on defined crite -For a list of Security Hub condition keys, see [Condition keys for AWS Security Hub](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecurityhub.html#awssecurityhub-policy-keys) in the _Service Authorization Reference_. To learn which actions and resources you can use a condition key with, see [Actions defined by AWS Security Hub](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecurityhub.html#awssecurityhub-actions-as-permissions). For examples of policies that use condition keys, see [Identity-based policy examples for AWS Security Hub](./security_iam_id-based-policy-examples.html). +For a list of Security Hub CSPM condition keys, see [Condition keys for AWS Security Hub CSPM](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecurityhub.html#awssecurityhub-policy-keys) in the _Service Authorization Reference_. To learn which actions and resources you can use a condition key with, see [Actions defined by AWS Security Hub CSPM](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecurityhub.html#awssecurityhub-actions-as-permissions). For examples of policies that use condition keys, see [Identity-based policy examples for AWS Security Hub CSPM](./security_iam_id-based-policy-examples.html). @@ -126 +126 @@ For a list of Security Hub condition keys, see [Condition keys for AWS Security -## Access control lists (ACLs) in Security Hub +## Access control lists (ACLs) in Security Hub CSPM @@ -132 +132 @@ Access control lists (ACLs) control which principals (account members, users, or -Security Hub doesn't support ACLs, which means you can't attach an ACL to a Security Hub resource. +Security Hub CSPM doesn't support ACLs, which means you can't attach an ACL to a Security Hub CSPM resource. @@ -134 +134 @@ Security Hub doesn't support ACLs, which means you can't attach an ACL to a Secu -## Attribute-based access control (ABAC) with Security Hub +## Attribute-based access control (ABAC) with Security Hub CSPM @@ -146 +146 @@ For more information about ABAC, see [Define permissions with ABAC authorization -You can attach tags to Security Hub resources. You can also control access to resources by providing tag information in the `Condition` element of a policy. +You can attach tags to Security Hub CSPM resources. You can also control access to resources by providing tag information in the `Condition` element of a policy. @@ -148 +148 @@ You can attach tags to Security Hub resources. You can also control access to re -For information about tagging Security Hub resources, see [Tagging Security Hub resources](./tagging-resources.html). For an example of an identity-based policy that controls access to a resource based on tags, see [Identity-based policy examples for AWS Security Hub](./security_iam_id-based-policy-examples.html). +For information about tagging Security Hub CSPM resources, see [Tagging Security Hub resources](./tagging-resources.html). For an example of an identity-based policy that controls access to a resource based on tags, see [Identity-based policy examples for AWS Security Hub CSPM](./security_iam_id-based-policy-examples.html). @@ -150 +150 @@ For information about tagging Security Hub resources, see [Tagging Security Hub -## Using temporary credentials with Security Hub +## Using temporary credentials with Security Hub CSPM @@ -158 +158 @@ You can use temporary credentials to sign in with federation, assume an IAM role -Security Hub supports the use of temporary credentials. +Security Hub CSPM supports the use of temporary credentials. @@ -160 +160 @@ Security Hub supports the use of temporary credentials. -## Forward access sessions for Security Hub +## Forward access sessions for Security Hub CSPM @@ -166 +166 @@ Forward access sessions (FAS) use the permissions of the principal calling an AW -For example, Security Hub makes FAS requests to downstream AWS services when you integrate Security Hub with AWS Organizations and when you designate the delegated Security Hub administrator account for an organization in Organizations. +For example, Security Hub CSPM makes FAS requests to downstream AWS services when you integrate Security Hub CSPM with AWS Organizations and when you designate the delegated Security Hub CSPM administrator account for an organization in Organizations. @@ -168 +168 @@ For example, Security Hub makes FAS requests to downstream AWS services when you -For other tasks, Security Hub uses a service-linked role to perform actions on your behalf. For details about this role, see [Service-linked roles for AWS Security Hub](./using-service-linked-roles.html). +For other tasks, Security Hub CSPM uses a service-linked role to perform actions on your behalf. For details about this role, see [Service-linked roles for AWS Security Hub CSPM](./using-service-linked-roles.html). @@ -170 +170 @@ For other tasks, Security Hub uses a service-linked role to perform actions on y -## Service roles for Security Hub +## Service roles for Security Hub CSPM @@ -172 +172 @@ For other tasks, Security Hub uses a service-linked role to perform actions on y -Security Hub doesn't assume or use service roles. To perform actions on your behalf, Security Hub uses a service-linked role. For details about this role, see [Service-linked roles for AWS Security Hub](./using-service-linked-roles.html). +Security Hub CSPM doesn't assume or use service roles. To perform actions on your behalf, Security Hub CSPM uses a service-linked role. For details about this role, see [Service-linked roles for AWS Security Hub CSPM](./using-service-linked-roles.html). @@ -176 +176 @@ Security Hub doesn't assume or use service roles. To perform actions on your beh -Changing the permissions for a service role may create operational issues with your use of Security Hub. Edit service roles only when Security Hub provides guidance to do so. +Changing the permissions for a service role may create operational issues with your use of Security Hub CSPM. Edit service roles only when Security Hub CSPM provides guidance to do so. @@ -178 +178 @@ Changing the permissions for a service role may create operational issues with y -## Service-linked roles for Security Hub +## Service-linked roles for Security Hub CSPM @@ -184 +184 @@ A service-linked role is a type of service role that is linked to an AWS service -Security Hub uses a service-linked role to perform actions on your behalf. For details about this role, see [Service-linked roles for AWS Security Hub](./using-service-linked-roles.html). +Security Hub CSPM uses a service-linked role to perform actions on your behalf. For details about this role, see [Service-linked roles for AWS Security Hub CSPM](./using-service-linked-roles.html).