AWS wellarchitected documentation change
Summary
Replaced 'AWS Security Hub' with 'AWS Security Hub CSPM' in cross-account guardrails context
Security assessment
The update emphasizes CSPM's role in detecting publicly exposed resources but does not address a specific security incident. It enhances documentation of a security feature.
Diff
diff --git a/wellarchitected/2023-04-10/framework/sec_permissions_analyze_cross_account.md b/wellarchitected/2023-04-10/framework/sec_permissions_analyze_cross_account.md index 27f6b5349..6ae3f08f0 100644 --- a//wellarchitected/2023-04-10/framework/sec_permissions_analyze_cross_account.md +++ b//wellarchitected/2023-04-10/framework/sec_permissions_analyze_cross_account.md @@ -30 +30 @@ If your account is in AWS Organizations, you can grant access to resources to th -[AWS Config can report resources](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-Publicly-Accessible-Resources.html) that are misconfigured, and through AWS Config policy checks, can detect resources that have public access configured. Services such as [AWS Control Tower](https://aws.amazon.com/controltower/) and [AWS Security Hub](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-fsbp.html) simplify deploying detective controls and guardrails across AWS Organizations to identify and remediate publicly exposed resources. For example, AWS Control Tower has a managed guardrail which can detect if any [Amazon EBS snapshots are restorable by AWS accounts](https://docs.aws.amazon.com/controltower/latest/userguide/what-is-control-tower.html). +[AWS Config can report resources](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-Publicly-Accessible-Resources.html) that are misconfigured, and through AWS Config policy checks, can detect resources that have public access configured. Services such as [AWS Control Tower](https://aws.amazon.com/controltower/) and [AWS Security Hub CSPM](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-fsbp.html) simplify deploying detective controls and guardrails across AWS Organizations to identify and remediate publicly exposed resources. For example, AWS Control Tower has a managed guardrail which can detect if any [Amazon EBS snapshots are restorable by AWS accounts](https://docs.aws.amazon.com/controltower/latest/userguide/what-is-control-tower.html).