AWS config documentation change
Summary
Restructured service-linked recorder table to add 'Recorder name' column and added new Security Hub recorders with global/regional coverage.
Security assessment
Expands documentation for Security Hub's asset visibility features but doesn't indicate any security vulnerability remediation. Enhances security posture documentation.
Diff
diff --git a/config/latest/developerguide/stop-start-recorder.md b/config/latest/developerguide/stop-start-recorder.md index e7c40bccf..b0fbbe330 100644 --- a//config/latest/developerguide/stop-start-recorder.md +++ b//config/latest/developerguide/stop-start-recorder.md @@ -128,4 +128,5 @@ Service-linked configuration recorders are supported for the following services: -**AWS service** | **Service principal** | **Benefits of using with AWS Config** | **Learn more** ----|---|---|--- -Amazon CloudWatch | `observabilityadmin.amazonaws.com, telemetry-enablement.observabilityadmin.amazonaws.com` | You can use Amazon CloudWatch Observability Admin to discover and understand the state of telemetry configuration in CloudWatch for your AWS Organization or account. | For more information, see [Auditing CloudWatch telemetry configurations ](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/telemetry-config-cloudwatch.html) in the _CloudWatch User Guide_. -AWS Security Hub CSPM | `securityhub.amazonaws.com` | You can use AWS Security Hub CSPM to centrally manage security findings and perform security assessments across your AWS accounts. The service-linked recorder enables an event-driven approach for obtaining resource configuration items required for exposure analysis coverage. | For more information, see [Enabling Security Hub](https://docs.aws.amazon.com/securityhub/latest/userguide/security-hub-adv-getting-started-enable.html) in the _Security Hub CSPM User Guide_. +**AWS service** | **Service principal** | **Recorder name** | **Benefits of using with AWS Config** | **Learn more** +---|---|---|---|--- +Amazon CloudWatch | `observabilityadmin.amazonaws.com, telemetry-enablement.observabilityadmin.amazonaws.com` | `AWSConfigurationRecorderForObservabilityAdmin, AWSConfigurationRecorderForObservabilityAdmin_TelemetryEnablement` | You can use Amazon CloudWatch Observability Admin to discover and understand the state of telemetry configuration in CloudWatch for your AWS Organization or account. | For more information, see [Auditing CloudWatch telemetry configurations ](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/telemetry-config-cloudwatch.html) in the _CloudWatch User Guide_. +AWS Security Hub | `securityhubv2.amazonaws.com` | `AWSConfigurationRecorderForSecurityHubAssets, AWSConfigurationRecorderForSecurityHubAssetsGlobal` | You can use AWS Security Hub to generate security findings and perform security assessments across your AWS accounts. The service-linked recorder enables the collection of resource configuration items required for asset visibility and analysis across regional and global resource types. | For more information, see [Enabling Security Hub](https://docs.aws.amazon.com/securityhub/latest/userguide/what-are-securityhub-services.html) in the _Security Hub and Security Hub CSPM User Guide_. +AWS Security Hub CSPM | `securityhub.amazonaws.com` | `AWSConfigurationRecorderForSecurityHubCSPM` | You can use AWS Security Hub CSPM to generate security findings and perform assessments across your AWS accounts. The service-linked recorder enables the collection of resource configuration items required to support these evaluations. | For more information, see [Enabling Security Hub CSPM](https://docs.aws.amazon.com/securityhub/latest/userguide/what-are-securityhub-services.html) in the _Security Hub and Security Hub CSPM User Guide_.