AWS Security ChangesHomeSearch

AWS wellarchitected documentation change

Service: wellarchitected · 2025-12-10 · Documentation low

File: wellarchitected/latest/framework/sec_permissions_emergency_process.md

Summary

Updated AWS Security Hub reference to 'AWS Security Hub CSPM' in emergency access monitoring context

Security assessment

Change specifies CSPM as the Security Hub component for auditing emergency access. This refines documentation but doesn't fix a vulnerability. It strengthens security documentation by clarifying the CSPM integration for break-glass procedure monitoring.

Diff

diff --git a/wellarchitected/latest/framework/sec_permissions_emergency_process.md b/wellarchitected/latest/framework/sec_permissions_emergency_process.md
index 9bab0b273..42c37f112 100644
--- a//wellarchitected/latest/framework/sec_permissions_emergency_process.md
+++ b//wellarchitected/latest/framework/sec_permissions_emergency_process.md
@@ -68 +68 @@ Consider the following as you design an emergency access process for a failure m
-  * Implement robust logging, monitoring, and alerting mechanisms for the emergency access process and mechanisms. Generate detailed audit logs for all successful and failed attempts to gain emergency access. Correlate the activity with ongoing emergency events from your incident management system, and initiate alerts when actions occur outside of expected time periods or when the emergency access account is used during normal operations. The emergency access account should only be accessed during emergencies, as break-glass procedures can be considered a backdoor. Integrate with your security information and event management (SIEM) tool or [AWS Security Hub](https://aws.amazon.com/security-hub/) to report and audit all activities during the emergency access period. Upon returning to normal operations, automatically rotate the emergency access credentials, and notify the relevant teams. 
+  * Implement robust logging, monitoring, and alerting mechanisms for the emergency access process and mechanisms. Generate detailed audit logs for all successful and failed attempts to gain emergency access. Correlate the activity with ongoing emergency events from your incident management system, and initiate alerts when actions occur outside of expected time periods or when the emergency access account is used during normal operations. The emergency access account should only be accessed during emergencies, as break-glass procedures can be considered a backdoor. Integrate with your security information and event management (SIEM) tool or [AWS Security Hub CSPM](https://aws.amazon.com/security-hub/) to report and audit all activities during the emergency access period. Upon returning to normal operations, automatically rotate the emergency access credentials, and notify the relevant teams.