Skip to content

docs: update Infrastructure Discovery to match current product scope#2085

Open
masteredd wants to merge 1 commit into
masterfrom
feature/sec-2529-update-infra-discovery-docs
Open

docs: update Infrastructure Discovery to match current product scope#2085
masteredd wants to merge 1 commit into
masterfrom
feature/sec-2529-update-infra-discovery-docs

Conversation

@masteredd

Copy link
Copy Markdown
Collaborator

Summary

  • Expanded "What is discovered" table from 9 to 25+ AWS services: S3, RDS, DynamoDB, ElastiCache, Redshift, ECS, ECR, EFS, CloudFront, WAF, KMS, Secrets Manager, ACM, SSM, SNS, SQS
  • Added GuardDuty, Inspector, IAM Access Analyzer as finding sources alongside Security Hub
  • Updated IAM permissions section: replaced single JSON policy block with a table of six managed policies matching the current CloudFormation template (with explicit Deny statements)
  • Expanded built-in rules list with S3, RDS, KMS, Secrets Manager, and IAM security checks
  • Updated finding details to list all source types (Wallarm, Security Hub, GuardDuty, Inspector, Access Analyzer)

Why

The existing docs covered only the original 9 AWS services from the initial launch. The product now discovers 25+ services and imports findings from 4 AWS security services. The IAM permissions section showed a simplified single-statement policy that no longer matches the actual CloudFormation template.

Changes verified against discovery-agent source code (internal/collectors/, deploy/iam/customer-cloudformation.yaml).

Test plan

  • Verify MkDocs renders correctly (tables, admonitions, collapsible note)
  • Confirm 6.x and 7.x versions inherit changes via --8<-- includes
  • Cross-check resource table against current product UI

SEC-2529

…cope

Expand resource coverage table from 9 to 25+ AWS services (S3, RDS, DynamoDB,
ElastiCache, Redshift, ECS, ECR, EFS, CloudFront, WAF, KMS, Secrets Manager,
ACM, SSM, SNS, SQS). Add GuardDuty, Inspector, IAM Access Analyzer as finding
sources alongside Security Hub. Update IAM permissions section to reflect the
six managed policies in the current CloudFormation template with explicit Deny
statements. Expand built-in rules list with S3, RDS, KMS, Secrets Manager, and
IAM checks.

SEC-2529

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@netlify

netlify Bot commented Jul 6, 2026

Copy link
Copy Markdown

Deploy Preview for pensive-dubinsky-5f7a00 ready!

Name Link
🔨 Latest commit 9b74cec
🔍 Latest deploy log https://app.netlify.com/projects/pensive-dubinsky-5f7a00/deploys/6a4b71349d7a3d000854d94f
😎 Deploy Preview https://deploy-preview-2085--pensive-dubinsky-5f7a00.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant