AWS Security ChangesHomeSearch

AWS systems-manager documentation change

Service: systems-manager · 2025-12-10 · Documentation low

File: systems-manager/latest/userguide/using-service-linked-roles-service-action-3.md

Summary

Updated permissions and deletion procedures to reference 'Security Hub CSPM' instead of 'Security Hub' for service-linked roles.

Security assessment

The change standardizes terminology to 'Security Hub CSPM' in IAM permissions and operational procedures. There is no indication of a resolved security weakness; it refines existing security documentation without introducing new vulnerabilities or fixes.

Diff

diff --git a/systems-manager/latest/userguide/using-service-linked-roles-service-action-3.md b/systems-manager/latest/userguide/using-service-linked-roles-service-action-3.md
index 298bb6bb2..19e9d9f41 100644
--- a//systems-manager/latest/userguide/using-service-linked-roles-service-action-3.md
+++ b//systems-manager/latest/userguide/using-service-linked-roles-service-action-3.md
@@ -24 +24 @@ The role permissions policy allows Systems Manager to complete the following act
-  * Systems Manager Explorer requires that a service-linked role grant permission to update a security finding when an OpsItem is updated, create and update an OpsItem, and turn off the Security Hub data source when an SSM managed rule is deleted by customers.
+  * Systems Manager Explorer requires that a service-linked role grant permission to update a security finding when an OpsItem is updated, create and update an OpsItem, and turn off the Security Hub CSPM data source when an SSM managed rule is deleted by customers.
@@ -57 +57 @@ If the Systems Manager service is using the role when you try to delete the reso
-The procedure for deleting Systems Manager resources used by the `AWSServiceRoleForSystemsManagerOpsDataSync` role depends on if you've configured Explorer or OpsCenter to integrate with Security Hub.
+The procedure for deleting Systems Manager resources used by the `AWSServiceRoleForSystemsManagerOpsDataSync` role depends on if you've configured Explorer or OpsCenter to integrate with Security Hub CSPM.
@@ -61 +61 @@ The procedure for deleting Systems Manager resources used by the `AWSServiceRole
-  * To stop Explorer from creating new OpsItems for Security Hub findings, see [How to stop receiving findings](./explorer-securityhub-integration.html#explorer-securityhub-integration-disable-receive).
+  * To stop Explorer from creating new OpsItems for Security Hub CSPM findings, see [How to stop receiving findings](./explorer-securityhub-integration.html#explorer-securityhub-integration-disable-receive).
@@ -63 +63 @@ The procedure for deleting Systems Manager resources used by the `AWSServiceRole
-  * To stop OpsCenter from creating new OpsItems for Security Hub findings, see 
+  * To stop OpsCenter from creating new OpsItems for Security Hub CSPM findings, see