AWS securityhub documentation change
Summary
Removed documentation for AWSSecurityHubV2ServiceRolePolicy and associated policy update note
Security assessment
The change removes documentation for a deprecated policy but contains no evidence of security vulnerability fixes or security improvements. It appears to be routine cleanup of outdated content.
Diff
diff --git a/securityhub/latest/userguide/security-iam-awsmanpol.md b/securityhub/latest/userguide/security-iam-awsmanpol.md index a191cc31c..f45c1b91c 100644 --- a//securityhub/latest/userguide/security-iam-awsmanpol.md +++ b//securityhub/latest/userguide/security-iam-awsmanpol.md @@ -7 +7 @@ -AWSSecurityHubFullAccessAWSSecurityHubReadOnlyAccess AWSSecurityHubOrganizationsAccess AWSSecurityHubServiceRolePolicyAWSSecurityHubV2ServiceRolePolicyPolicy updates +AWSSecurityHubFullAccessAWSSecurityHubReadOnlyAccess AWSSecurityHubOrganizationsAccess AWSSecurityHubServiceRolePolicyPolicy updates @@ -173,33 +172,0 @@ To review the permissions for this policy, see [AWSSecurityHubServiceRolePolicy] -## AWS managed policy: AWSSecurityHubV2ServiceRolePolicy - -###### Note - -Security Hub is in preview release and subject to change. - -This policy allows Security Hub to manage AWS Config rules and Security Hub resources for your organization and on your behalf. This policy is attached to a service-linked role that allows the service to perform actions on your behalf. You cannot attach this policy to your IAM identities. For more information, see [Service-linked roles for AWS Security Hub CSPM](./using-service-linked-roles.html). - -###### Permissions details - -This policy includes the following permissions: - - * `cloudwatch` – Retrieve metrics data to support metering capabilities for Security Hub resources. - - * `config` – Manage service-linked configuration recorders for Security Hub resources, including support for global Config recorders. - - * `ecr` – Retrieve information about Amazon Elastic Container Registry images and repositories to support metering capabilities. - - * `iam` – Create the service-linked role for AWS Config and retrieve account information to support metering capabilities. - - * `lambda` – Retrieve AWS Lambda function information to support metering capabilities. - - * `organizations` – Retrieve account and organizational unit (OU) information for an organization. - - * `securityhub` – Manage the Security Hub configuration. - - * `tag` – Retrieve information about resource tags. - - - - -To review the permissions for this policy, see [AWSSecurityHubV2ServiceRolePolicy](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AWSSecurityHubV2ServiceRolePolicy.html) in the _AWS Managed Policy Reference Guide_. - @@ -215 +181,0 @@ AWSSecurityHubFullAccess – Updated policy | Security Hub updated the policy -AWSSecurityHubV2ServiceRolePolicy – Updated policy | Security Hub updated the policy to add metering capabilities for Amazon Elastic Container Registry, AWS Lambda, Amazon CloudWatch, and AWS Identity and Access Management to support Security Hub features. The update also added support for global AWS Config recorders. Security Hub is in preview release and subject to change. | November 5, 2025