AWS solutions documentation change
Summary
The documentation was reformatted for consistency, with changes including removing extra line breaks, fixing markdown formatting, and correcting URLs. The content remains largely the same but is now more concise and properly formatted.
Security assessment
The changes are primarily formatting improvements and URL corrections. There is no evidence of addressing specific security vulnerabilities or adding new security-related content.
Diff
diff --git a/solutions/latest/scalable-analytics-using-apache-druid-on-aws/configure-the-solution.md index dadbc2bbb..e7697348a 100644 --- a/solutions/latest/scalable-analytics-using-apache-druid-on-aws/configure-the-solution.md +++ b/solutions/latest/scalable-analytics-using-apache-druid-on-aws/configure-the-solution.md @@ -18,16 +18,4 @@ Network | | | Optional - - * VPC CIDR Range - -| `vpcCidr` | 10.0.0.0/16 | Optional - - * VPC ID - -| `vpcId` | N/A | Optional - - * Application Load Balancer - -| `internetFacing` | true | Optional - - * Bastion host - -| `bastionHost` | false | Optional +* VPC CIDR Range | `vpcCidr` | 10.0.0.0/16 | Optional +* VPC ID | `vpcId` | N/A | Optional +* Application Load Balancer | `internetFacing` | true | Optional +* Bastion host | `bastionHost` | false | Optional @@ -35,12 +23,3 @@ Druid domain | | | Optional - - * Route53 hosted zone - -| `route53HostedZoneName`, and `route53HostedZoneId` | N/A | Optional - - * Druid domain - -| `druidDomain` | N/A | Optional - - * TLS certificate - -| `tlsCertificateArn` | N/A | Optional +* Route53 hosted zone | `route53HostedZoneName`, and `route53HostedZoneId` | N/A | Optional +* Druid domain | `druidDomain` | N/A | Optional +* TLS certificate | `tlsCertificateArn` | N/A | Optional @@ -50,32 +29,8 @@ Druid configuration | | | Mandatory - - * Version - -| `druidVersion` | | Mandatory - - * Cluster name - -| `druidClusterName` | | Mandatory - - * Operation platform - -| `druidOperationPlatform` | | Mandatory - - * Custom IAM policy list - -| `druidInstanceIamPolicyArns` | N/A | Optional - - * Query concurrency rate limit - -| `druidConcurrentQueryLimit` | 100 | Optional - - * Extensions - -| `druidExtensions` | | Mandatory - - * Common runtime properties - -| `druidCommonRuntimeConfig` | N/A | Optional - - * Retention rules - -| `druidRetentionRules` | | Optional +* Version | `druidVersion` | | Mandatory +* Cluster name | `druidClusterName` | | Mandatory +* Operation platform | `druidOperationPlatform` | | Mandatory +* Custom IAM policy list | `druidInstanceIamPolicyArns` | N/A | Optional +* Query concurrency rate limit | `druidConcurrentQueryLimit` | 100 | Optional +* Extensions | `druidExtensions` | | Mandatory +* Common runtime properties | `druidCommonRuntimeConfig` | N/A | Optional +* Retention rules | `druidRetentionRules` | | Optional @@ -85,16 +40,4 @@ Druid EC2 configuration | | | **Mandatory** (if the druidOperationPlatform is - - * Auto scaling group - -| `<Druid node type>` | | Mandatory - - * Rolling update policy - -| `rollingUpdatePolicy` | N/A | Optional - - * Auto scaling policy - -| ` autoScalingPolicy ` | N/A | Optional - - * Runtime configuration - -| `runtimeConfig` | N/A | Optional +* Auto scaling group | `<Druid node type>` | | Mandatory +* Rolling update policy | `rollingUpdatePolicy` | N/A | Optional +* Auto scaling policy | ` autoScalingPolicy ` | N/A | Optional +* Runtime configuration | `runtimeConfig` | N/A | Optional @@ -102,12 +45,3 @@ Druid EKS configuration | | | **Mandatory** (if the druidOperationPlatform is - - * EKS cluster configuration - -| `druidEksConfig` | | Mandatory - - * EC2 capacity provider configuration - -| `<nodeGroupName>` | | **Mandatory** (if capacityProviderType is EC2) - - * Fargate capacity provider configuration - -| `<druidProcessName>` | | **Mandatory** (if capacityProviderType is Fargate) +* EKS cluster configuration | `druidEksConfig` | | Mandatory +* EC2 capacity provider configuration | `<nodeGroupName>` | | **Mandatory** (if capacityProviderType is EC2) +* Fargate capacity provider configuration | `<druidProcessName>` | | **Mandatory** (if capacityProviderType is Fargate) @@ -173 +107 @@ The solution will provision an ALB to route requests to Druid query instances. I -The default setting creates a private Application Load Balancer (ALB). To access this private ALB, you can either use an AWS VPN or SSH tunneling via a bastion host. However, if the internetFacing parameter is set to true, the ALB will be publicly available. In such an instance, use the AWS WAF (Web Application Firewall) with your ALB to allow or block requests based on rules in a web access control list (web ACL). +The default setting creates a private Application Load Balancer (ALB). To access this private ALB, you can either use an AWS VPN or SSH tunneling via a bastion host. However, if the `internetFacing`` parameter is set to true, the ALB will be publicly available. In such an instance, use the AWS WAF (Web Application Firewall) with your ALB to allow or block requests based on rules in a web access control list (web ACL). @@ -194 +128 @@ With the following Route 53 configuration, this solution automatically creates a - "route53HostedZoneName": "<The hosted zone name in Route 53. eg. example.com>", + "route53HostedZoneName": "<The hosted zone name in Route 53. eg. example.com>", @@ -196 +130 @@ With the following Route 53 configuration, this solution automatically creates a - "route53HostedZoneId": "<The hosted zone ID in Route 53. eg. Z03935053V8YUTYYYEXXX>", + "route53HostedZoneId": "<The hosted zone ID in Route 53. eg. Z03935053V8YUTYYYEXXX>", @@ -208 +142 @@ With the following Route 53 configuration, this solution automatically creates a -If none of these configurations are set up, the solution assigns a generic Application Load Balancer (ALB) domain name for your Druid cluster which will expose HTTP protocol only. You have the flexibility to set up the domain outside of the solution. In such a case, you must configure the TLS certificate and the druidDomain to facilitate secure HTTPS access to the Druid cluster after the domain has been successfully set up. +If none of these configurations are set up, the solution assigns a generic Application Load Balancer (ALB) domain name for your Druid cluster which will expose HTTP protocol only. You have the flexibility to set up the domain outside of the solution. In such a case, you must configure the TLS certificate and the `druidDomain` to facilitate secure HTTPS access to the Druid cluster after the domain has been successfully set up. @@ -280 +214 @@ Example: Identity provider configuration to federate through Amazon Cognito. -You must configure the redirect URI on the IDP side as `https://<druid_domain>/druid-ext/druid-oidc/callback`. +You must configure the redirect URI on the IDP side as ` [https://<druid_domain>/druid-ext/druid-oidc/callback](https://<druid_domain>/druid-ext/druid-oidc/callback) `. @@ -286 +220 @@ You must configure the redirect URI on the IDP side as `https://<druid_domain>/d -Apache Druid release version (eg. 30.0.0) that you want to run. We recommend using the latest stable [Druid version](https://code.amazon.com/packages/Apjsb-druid-swift/trees/mainline#https://druid.apache.org/downloads.html). +Apache Druid release version (eg. 30.0.0) that you want to run. We recommend using the latest stable [Druid version](https://code.amazon.com/packages/Apjsb-druid-swift/trees/mainline#https://druid.apache). @@ -344 +278 @@ A list of Druid extensions to load into the cluster. To load the core extensions -It is the customer's responsibility to ensure the extension's security, performance, and compatibility. To uphold a robust security posture, we strongly advise consistently monitoring for new releases and promptly applying updates, thereby proactively addressing and mitigating any potential vulnerabilities. +It is the customer’s responsibility to ensure the extension’s security, performance, and compatibility. To uphold a robust security posture, we strongly advise consistently monitoring for new releases and promptly applying updates, thereby proactively addressing and mitigating any potential vulnerabilities. @@ -478 +412 @@ This section provides instructions on how to create a new Aurora metadata store -The solution will try to create two magic users, specifically `admin` and `druid_system`, to run internal operations if these users don't exist in the snapshot. If these users already exist in the snapshot, generate a secret in AWS Secrets Manager that includes both the username and password, and then proceed to integrate it into the metadata store configuration. If the secrets are encrypted by a KMS key, ensure that the KMS key permits access from AWS Secrets Manager to enable decryption of the secret. +The solution will try to create two magic users, specifically `admin` and `druid_system`, to run internal operations if these users don’t exist in the snapshot. If these users already exist in the snapshot, generate a secret in AWS Secrets Manager that includes both the username and password, and then proceed to integrate it into the metadata store configuration. If the secrets are encrypted by a KMS key, ensure that the KMS key permits access from AWS Secrets Manager to enable decryption of the secret. @@ -533 +467 @@ This section explains how to use your own PostgreSQL database for the metadata s -By default, this solution will enforce TLS for the database connectivity. If you're using non-public certificates, you must ensure the non-public certificates can be validated by the Druid system. +By default, this solution will enforce TLS for the database connectivity. If you’re using non-public certificates, you must ensure the non-public certificates can be validated by the Druid system.