AWS Security ChangesHomeSearch

AWS wellarchitected documentation change

Service: wellarchitected · 2025-12-10 · Documentation low

File: wellarchitected/2025-02-25/framework/sec_protect_compute_auto_protection.md

Summary

Updated references from AWS Security Hub to AWS Security Hub CSPM

Security assessment

The change only rebrands Security Hub to Security Hub CSPM without altering security content. IMDSv2 security controls remain unchanged. No vulnerability or incident response documented.

Diff

diff --git a/wellarchitected/2025-02-25/framework/sec_protect_compute_auto_protection.md b/wellarchitected/2025-02-25/framework/sec_protect_compute_auto_protection.md
index 382f857d3..a107e34be 100644
--- a//wellarchitected/2025-02-25/framework/sec_protect_compute_auto_protection.md
+++ b//wellarchitected/2025-02-25/framework/sec_protect_compute_auto_protection.md
@@ -32 +32 @@ Automation also plays a role in deploying workloads that are trustworthy, descri
-Beyond these preventative controls, you can use automation in your detective controls for your compute resources as well. As one example, [AWS Security Hub](https://aws.amazon.com/security-hub/) offers the [NIST 800-53 Rev. 5](https://docs.aws.amazon.com/securityhub/latest/userguide/nist-standard.html) standard that includes checks such as [[EC2.8] EC2 instances should use Instance Metadata Service Version 2 (IMDSv2)](https://docs.aws.amazon.com/securityhub/latest/userguide/ec2-controls.html#ec2-8). IMDSv2 uses the techniques of session authentication, blocking requests that contain an X-Forwarded-For HTTP header, and a network TTL of 1 to stop traffic originating from external sources to retrieve information about the EC2 instance. This check in Security Hub can detect when EC2 instances use IMDSv1 and initiate automated remediation. Learn more about automated detection and remediations in [SEC04-BP04 Initiate remediation for non-compliant resources](https://docs.aws.amazon.com/wellarchitected/latest/framework/sec_detect_investigate_events_noncompliant_resources.html). 
+Beyond these preventative controls, you can use automation in your detective controls for your compute resources as well. As one example, [AWS Security Hub CSPM](https://aws.amazon.com/security-hub/) offers the [NIST 800-53 Rev. 5](https://docs.aws.amazon.com/securityhub/latest/userguide/nist-standard.html) standard that includes checks such as [[EC2.8] EC2 instances should use Instance Metadata Service Version 2 (IMDSv2)](https://docs.aws.amazon.com/securityhub/latest/userguide/ec2-controls.html#ec2-8). IMDSv2 uses the techniques of session authentication, blocking requests that contain an X-Forwarded-For HTTP header, and a network TTL of 1 to stop traffic originating from external sources to retrieve information about the EC2 instance. This check in Security Hub CSPM can detect when EC2 instances use IMDSv1 and initiate automated remediation. Learn more about automated detection and remediations in [SEC04-BP04 Initiate remediation for non-compliant resources](https://docs.aws.amazon.com/wellarchitected/latest/framework/sec_detect_investigate_events_noncompliant_resources.html). 
@@ -42 +42 @@ Beyond these preventative controls, you can use automation in your detective con
-    2. Automated security and compliance posture management using [AWS Security Hub](https://aws.amazon.com/security-hub/)
+    2. Automated security and compliance posture management using [AWS Security Hub CSPM](https://aws.amazon.com/security-hub/)