AWS Security ChangesHomeSearch

AWS wellarchitected documentation change

Service: wellarchitected · 2025-12-10 · Documentation low

File: wellarchitected/2022-03-31/framework/sec_permissions_share_securely.md

Summary

Updated Security Hub reference to include 'CSPM' in cross-account sharing context

Security assessment

Specifies CSPM as part of Security Hub integration but lacks evidence of addressing a security flaw. The change improves clarity about security-related service capabilities.

Diff

diff --git a/wellarchitected/2022-03-31/framework/sec_permissions_share_securely.md b/wellarchitected/2022-03-31/framework/sec_permissions_share_securely.md
index 1e9353c2f..d122d9b6b 100644
--- a//wellarchitected/2022-03-31/framework/sec_permissions_share_securely.md
+++ b//wellarchitected/2022-03-31/framework/sec_permissions_share_securely.md
@@ -22 +22 @@ Govern the consumption of shared resources across accounts or within your AWS Or
-As you manage your workloads using multiple AWS accounts, you may need to share resources between accounts. This will very often be cross-account sharing within an AWS Organizations. Several AWS services, such as [AWS Security Hub](https://docs.aws.amazon.com/organizations/latest/userguide/services-that-can-integrate-securityhub.html), [Amazon GuardDuty](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_organizations.html), and [AWS Backup](https://docs.aws.amazon.com/organizations/latest/userguide/services-that-can-integrate-backup.html) have cross-account features integrated with Organizations. You can use [AWS Resource Access Manager](https://aws.amazon.com/ram/) to share other common resources, such as [VPC Subnets or Transit Gateway attachments](https://docs.aws.amazon.com/ram/latest/userguide/shareable.html#shareable-vpc), [AWS Network Firewall](https://docs.aws.amazon.com/ram/latest/userguide/shareable.html#shareable-network-firewall), or [Amazon SageMaker Runtime pipelines](https://docs.aws.amazon.com/ram/latest/userguide/shareable.html#shareable-sagemaker). If you want to ensure that your account only shares resources within your Organizations, we recommend using [Service Control Policies (SCPs)](https://docs.aws.amazon.com/ram/latest/userguide/scp.html) to prevent access to external principals.
+As you manage your workloads using multiple AWS accounts, you may need to share resources between accounts. This will very often be cross-account sharing within an AWS Organizations. Several AWS services, such as [AWS Security Hub CSPM](https://docs.aws.amazon.com/organizations/latest/userguide/services-that-can-integrate-securityhub.html), [Amazon GuardDuty](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_organizations.html), and [AWS Backup](https://docs.aws.amazon.com/organizations/latest/userguide/services-that-can-integrate-backup.html) have cross-account features integrated with Organizations. You can use [AWS Resource Access Manager](https://aws.amazon.com/ram/) to share other common resources, such as [VPC Subnets or Transit Gateway attachments](https://docs.aws.amazon.com/ram/latest/userguide/shareable.html#shareable-vpc), [AWS Network Firewall](https://docs.aws.amazon.com/ram/latest/userguide/shareable.html#shareable-network-firewall), or [Amazon SageMaker Runtime pipelines](https://docs.aws.amazon.com/ram/latest/userguide/shareable.html#shareable-sagemaker). If you want to ensure that your account only shares resources within your Organizations, we recommend using [Service Control Policies (SCPs)](https://docs.aws.amazon.com/ram/latest/userguide/scp.html) to prevent access to external principals.