AWS wellarchitected documentation change
Summary
Replaced 'AWS Security Hub' with 'AWS Security Hub CSPM' in service reference
Security assessment
Branding update only. Core security guidance about detecting publicly exposed resources remains unchanged with no security implications.
Diff
diff --git a/wellarchitected/2025-02-25/framework/sec_permissions_analyze_cross_account.md b/wellarchitected/2025-02-25/framework/sec_permissions_analyze_cross_account.md index 31dde53a0..a13e9f528 100644 --- a//wellarchitected/2025-02-25/framework/sec_permissions_analyze_cross_account.md +++ b//wellarchitected/2025-02-25/framework/sec_permissions_analyze_cross_account.md @@ -30 +30 @@ If your account is in AWS Organizations, you can grant access to resources to th -[AWS Config can report resources](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-Publicly-Accessible-Resources.html) that are misconfigured, and through AWS Config policy checks, can detect resources that have public access configured. Services such as [AWS Control Tower](https://aws.amazon.com/controltower/) and [AWS Security Hub](https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html) simplify deploying detective controls and guardrails across AWS Organizations to identify and remediate publicly exposed resources. For example, AWS Control Tower has a managed guardrail which can detect if any [Amazon EBS snapshots are restorable by AWS accounts](https://docs.aws.amazon.com/controltower/latest/userguide/what-is-control-tower.html). +[AWS Config can report resources](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-Publicly-Accessible-Resources.html) that are misconfigured, and through AWS Config policy checks, can detect resources that have public access configured. Services such as [AWS Control Tower](https://aws.amazon.com/controltower/) and [AWS Security Hub CSPM](https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html) simplify deploying detective controls and guardrails across AWS Organizations to identify and remediate publicly exposed resources. For example, AWS Control Tower has a managed guardrail which can detect if any [Amazon EBS snapshots are restorable by AWS accounts](https://docs.aws.amazon.com/controltower/latest/userguide/what-is-control-tower.html).