AWS wellarchitected documentation change
Summary
Updated AWS Security Hub reference to specify CSPM (Cloud Security Posture Management) feature
Security assessment
Change adds specificity about Security Hub's CSPM capabilities but doesn't address a vulnerability. Enhances documentation about security posture management features without evidence of fixing a security flaw.
Diff
diff --git a/wellarchitected/latest/security-pillar/sec_permissions_analyze_cross_account.md b/wellarchitected/latest/security-pillar/sec_permissions_analyze_cross_account.md index f23f50ec1..347e51713 100644 --- a//wellarchitected/latest/security-pillar/sec_permissions_analyze_cross_account.md +++ b//wellarchitected/latest/security-pillar/sec_permissions_analyze_cross_account.md @@ -30 +30 @@ If your account is in AWS Organizations, you can grant access to resources to th -[AWS Config can report resources](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-Publicly-Accessible-Resources.html) that are misconfigured, and through AWS Config policy checks, can detect resources that have public access configured. Services such as [AWS Control Tower](https://aws.amazon.com/controltower/) and [AWS Security Hub](https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html) simplify deploying detective controls and guardrails across AWS Organizations to identify and remediate publicly exposed resources. For example, AWS Control Tower has a managed guardrail which can detect if any [Amazon EBS snapshots are restorable by AWS accounts](https://docs.aws.amazon.com/controltower/latest/userguide/what-is-control-tower.html). +[AWS Config can report resources](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-Publicly-Accessible-Resources.html) that are misconfigured, and through AWS Config policy checks, can detect resources that have public access configured. Services such as [AWS Control Tower](https://aws.amazon.com/controltower/) and [AWS Security Hub CSPM](https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html) simplify deploying detective controls and guardrails across AWS Organizations to identify and remediate publicly exposed resources. For example, AWS Control Tower has a managed guardrail which can detect if any [Amazon EBS snapshots are restorable by AWS accounts](https://docs.aws.amazon.com/controltower/latest/userguide/what-is-control-tower.html).