AWS Security ChangesHomeSearch

AWS wellarchitected documentation change

Service: wellarchitected · 2025-12-10 · Documentation low

File: wellarchitected/2024-06-27/framework/sec_protect_compute_auto_protection.md

Summary

Updated references from 'AWS Security Hub' to 'AWS Security Hub CSPM' in two locations

Security assessment

The change rebrands Security Hub to Security Hub CSPM but doesn't address any security vulnerability. It's a naming update without altering security functionality or addressing specific threats.

Diff

diff --git a/wellarchitected/2024-06-27/framework/sec_protect_compute_auto_protection.md b/wellarchitected/2024-06-27/framework/sec_protect_compute_auto_protection.md
index bcefb2d39..9456847ef 100644
--- a//wellarchitected/2024-06-27/framework/sec_protect_compute_auto_protection.md
+++ b//wellarchitected/2024-06-27/framework/sec_protect_compute_auto_protection.md
@@ -32 +32 @@ Automation also plays a role in deploying workloads that are trustworthy, descri
-Beyond these preventative controls, you can use automation in your detective controls for your compute resources as well. As one example, [AWS Security Hub](https://aws.amazon.com/security-hub/) offers the [NIST 800-53 Rev. 5](https://docs.aws.amazon.com/securityhub/latest/userguide/nist-standard.html) standard that includes checks such as [[EC2.8] EC2 instances should use Instance Metadata Service Version 2 (IMDSv2)](https://docs.aws.amazon.com/securityhub/latest/userguide/ec2-controls.html#ec2-8). IMDSv2 uses the techniques of session authentication, blocking requests that contain an X-Forwarded-For HTTP header, and a network TTL of 1 to stop traffic originating from external sources to retrieve information about the EC2 instance. This check in Security Hub can detect when EC2 instances use IMDSv1 and initiate automated remediation. Learn more about automated detection and remediations in [SEC04-BP04 Initiate remediation for non-compliant resources](https://docs.aws.amazon.com/wellarchitected/latest/framework/sec_detect_investigate_events_noncompliant_resources.html). 
+Beyond these preventative controls, you can use automation in your detective controls for your compute resources as well. As one example, [AWS Security Hub CSPM](https://aws.amazon.com/security-hub/) offers the [NIST 800-53 Rev. 5](https://docs.aws.amazon.com/securityhub/latest/userguide/nist-standard.html) standard that includes checks such as [[EC2.8] EC2 instances should use Instance Metadata Service Version 2 (IMDSv2)](https://docs.aws.amazon.com/securityhub/latest/userguide/ec2-controls.html#ec2-8). IMDSv2 uses the techniques of session authentication, blocking requests that contain an X-Forwarded-For HTTP header, and a network TTL of 1 to stop traffic originating from external sources to retrieve information about the EC2 instance. This check in Security Hub CSPM can detect when EC2 instances use IMDSv1 and initiate automated remediation. Learn more about automated detection and remediations in [SEC04-BP04 Initiate remediation for non-compliant resources](https://docs.aws.amazon.com/wellarchitected/latest/framework/sec_detect_investigate_events_noncompliant_resources.html). 
@@ -42 +42 @@ Beyond these preventative controls, you can use automation in your detective con
-    2. Automated security and compliance posture management using [AWS Security Hub](https://aws.amazon.com/security-hub/)
+    2. Automated security and compliance posture management using [AWS Security Hub CSPM](https://aws.amazon.com/security-hub/)