AWS Security ChangesHomeSearch

AWS securityhub documentation change

Service: securityhub · 2026-05-22 · Documentation low

File: securityhub/latest/userguide/exposure-iam-user.md

Summary

Added 'Unused access traits for IAM users' section explaining how unused permissions appear in findings and link to policy recommendations.

Security assessment

Documents new security visibility features for IAM user permissions without evidence of addressing a specific vulnerability. Focuses on security posture improvement through better permission management documentation.

Diff

diff --git a/securityhub/latest/userguide/exposure-iam-user.md b/securityhub/latest/userguide/exposure-iam-user.md
index 48209a0e7..4e308980d 100644
--- a//securityhub/latest/userguide/exposure-iam-user.md
+++ b//securityhub/latest/userguide/exposure-iam-user.md
@@ -7 +7 @@
-Misconfiguration traits for IAM users
+Misconfiguration traits for IAM usersUnused access traits for IAM users
@@ -42,0 +43,2 @@ IAM best practices recommend that you create IAM roles or use federation with an
+  * [Unused access traits for IAM users](./exposure-iam-user.html#iam-user-unused-access)
+
@@ -189,0 +192,6 @@ Consider adding conditions to further restrict when these permissions can be use
+## Unused access traits for IAM users
+
+When an IAM user has unused permissions, access keys, or passwords, Security Hub may include these as contextual traits in exposure findings for that user. These traits are generated by the service-managed IAM Access Analyzer and provide additional context about the user's security posture. Unused access traits are not the primary cause of the exposure finding, but they indicate that the user has more permissions than needed, which increases the potential impact if the user's credentials are compromised. 
+
+For unused permissions specifically, you can generate a least-privilege policy recommendation that shows you a scoped-down replacement policy. For more information, see [Generating policy recommendations for unused access findings](./unused-access-recommendations.html). 
+