AWS securityhub documentation change
Summary
Updated documentation to replace references to 'Security Hub' with 'Security Hub CSPM' throughout the file, including titles, console references, resource descriptions, and policy examples.
Security assessment
The changes are purely branding updates (Security Hub → Security Hub CSPM) without modifying policy permissions, security controls, or addressing vulnerabilities. No evidence of security fixes or vulnerability disclosures exists in the diff.
Diff
diff --git a/securityhub/latest/userguide/sh_security_iam_id-based-policy-examples.md b/securityhub/latest/userguide/sh_security_iam_id-based-policy-examples.md index 028d67642..5a7d805cd 100644 --- a//securityhub/latest/userguide/sh_security_iam_id-based-policy-examples.md +++ b//securityhub/latest/userguide/sh_security_iam_id-based-policy-examples.md @@ -5 +5 @@ -Policy best practicesUsing the Security Hub consoleExample: Allow users to view their own permissionsExample: Allow users to view findingsExample: Allow users to create and manage automation rules +Policy best practicesUsing the Security Hub CSPM consoleExample: Allow users to view their own permissionsExample: Allow users to view findingsExample: Allow users to create and manage automation rules @@ -7 +7 @@ Policy best practicesUsing the Security Hub consoleExample: Allow users to view -# Identity-based policy examples for AWS Security Hub +# Identity-based policy examples for AWS Security Hub CSPM @@ -9 +9 @@ Policy best practicesUsing the Security Hub consoleExample: Allow users to view -By default, users and roles don't have permission to create or modify Security Hub resources. They also can't perform tasks using the AWS Management Console, AWS CLI, or AWS API. An administrator must create IAM policies that grant users and roles permission to perform specific API operations on the specified resources they need. The administrator must then attach those policies to the users or groups that require those permissions. +By default, users and roles don't have permission to create or modify Security Hub CSPM resources. They also can't perform tasks using the AWS Management Console, AWS CLI, or AWS API. An administrator must create IAM policies that grant users and roles permission to perform specific API operations on the specified resources they need. The administrator must then attach those policies to the users or groups that require those permissions. @@ -17 +17 @@ To learn how to create an IAM identity-based policy using these example JSON pol - * Using the Security Hub console + * Using the Security Hub CSPM console @@ -47 +47 @@ For more information about best practices in IAM, see [Security best practices i -## Using the Security Hub console +## Using the Security Hub CSPM console @@ -49 +49 @@ For more information about best practices in IAM, see [Security best practices i -To access the AWS Security Hub console, you must have a minimum set of permissions. These permissions must allow you to list and view details about the Security Hub resources in your AWS account. If you create an identity-based policy that is more restrictive than the minimum required permissions, the console won't function as intended for entities (users or roles) with that policy. +To access the AWS Security Hub CSPM console, you must have a minimum set of permissions. These permissions must allow you to list and view details about the Security Hub CSPM resources in your AWS account. If you create an identity-based policy that is more restrictive than the minimum required permissions, the console won't function as intended for entities (users or roles) with that policy. @@ -53 +53 @@ You don't need to allow minimum console permissions for users that are making ca -To ensure that those users and roles can use the Security Hub console, also attach the following AWS managed policy to the entity. For more information, see [Adding permissions to a user](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_change-permissions.html#users_change_permissions-add-console) in the _IAM User Guide_ : +To ensure that those users and roles can use the Security Hub CSPM console, also attach the following AWS managed policy to the entity. For more information, see [Adding permissions to a user](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_change-permissions.html#users_change_permissions-add-console) in the _IAM User Guide_ : @@ -124 +124 @@ This example shows how you might create a policy that allows IAM users to view t -This example shows how you might create an IAM policy that allows a user to view Security Hub findings. +This example shows how you might create an IAM policy that allows a user to view Security Hub CSPM findings. @@ -144 +144 @@ This example shows how you might create an IAM policy that allows a user to view -This example shows how you might create an IAM policy that allows a user to create, view, update, and delete Security Hub automation rules. For this IAM policy to work, the user must be a Security Hub administrator. To limit permissions— for example, to allow a user to only view automation rules—you can remove the create, update, and delete permissions. +This example shows how you might create an IAM policy that allows a user to create, view, update, and delete Security Hub CSPM automation rules. For this IAM policy to work, the user must be a Security Hub CSPM administrator. To limit permissions— for example, to allow a user to only view automation rules—you can remove the create, update, and delete permissions.