Updating SDK for Java used by Defender for Server/CSPM in AWS

Hi,

I have a customer who is Defender for Cloud/CSPM in AWS.  Last week, Cloud AWS Health Dashboard lit up with a recommendation around the use of AWS SDK for Java 1.x in their organization. This version will reach end of support on December 31, 2025. The recommendation is to migrate to AWS SDK for Java 2.x. The issue is present in all of AWS workload accounts.

 

They found that a large amount of these alerts is caused by the Defender CSPM service, running remotely, and using AWS SDK for Java 1.x.  Customer attaching a couple of sample events that were gathered from the CloudTrail logs. Please note that in both cases:

 

• assumed-role:  DefenderForCloud-Ciem
• sourceIP: 20.237.136.191 (MS Azure range)
• userAgent: aws-sdk-java/1.12.742 Linux/6.6.112.1-2.azl3 OpenJDK_64-Bit_Server_VM/21.0.9+10-LTS java/21.0.9 kotlin/1.6.20 vendor/Microsoft cfg/retry-mode/legacy cfg/auth-source#unknown

 

Can someone provide guidance about this? How to find out if DfC is going to leverage AWS SDK for Java 2.x after Dec 31, 2025?

 

Thanks,

Terru