AWS md documentation change
Summary
Minor text edits including fixing 'Third party' to 'Third-party', changing 'segregation' to 'separation', and updating punctuation and formatting
Security assessment
The changes are purely editorial improvements to grammar, punctuation, and word choice. No new security information is added or modified.
Diff
diff --git a/solutions/latest/scalable-analytics-using-apache-druid-on-aws/security-best-practices.md b/solutions/latest/scalable-analytics-using-apache-druid-on-aws/security-best-practices.md index fb6e51931..ea1a697be 100644 --- a/solutions/latest/scalable-analytics-using-apache-druid-on-aws/security-best-practices.md +++ b/solutions/latest/scalable-analytics-using-apache-druid-on-aws/security-best-practices.md @@ -5 +5 @@ -User authentication and authorizationDomain and TLS certificateThird party extensionsDeploy the solution into existing VPCAMI securityPublic and private mode for EKS cluster endpointEKS master IAM role +User authentication and authorizationDomain and TLS certificateThird-party extensionsDeploy the solution into existing VPCAMI securityPublic and private mode for EKS cluster endpointEKS master IAM role @@ -46 +46 @@ The solution offers the flexibility to deploy into an existing VPC. When opting -Whether a subnet is public or private refers to whether traffic within the subnet is routed through an internet gateway. Public subnets have a route table entry to the internet through the internet gateway, but private subnets do not have this entry. Isolated subnets have no routes to destinations outside its VPC. For more information about subnet types, refer to the definition of [subnet types](https://docs.aws.amazon.com/vpc/latest/userguide/configure-subnets.html#subnet-types). This strategic subnet arrangement allows for optimal segregation of component; the RDS database clusters operate in the isolated subnets, Druid nodes in the private subnets, and the load balancer is positioned in the public subnets. This architecture enhances security and scalability by appropriately isolating different layers of the infrastructure. +Whether a subnet is public or private refers to whether traffic within the subnet is routed through an internet gateway. Public subnets have a route table entry to the internet through the internet gateway, but private subnets do not have this entry. Isolated subnets have no routes to destinations outside its VPC. For more information about subnet types, refer to the definition of [subnet types](https://docs.aws.amazon.com/vpc/latest/userguide/configure-subnets.html#subnet-types). This strategic subnet arrangement allows for optimal separation of component; the RDS database clusters operate in the isolated subnets, Druid nodes in the private subnets, and the load balancer is positioned in the public subnets. This architecture enhances security and scalability by appropriately isolating different layers of the infrastructure. @@ -65 +65 @@ The solution also supports the flexibility to bring your own AMI. It is importan -Amazon EKS offers public-only, public-and-private, and private-only cluster endpoint modes. The default mode is configured to be private-only in the solution, however we recommend configuring cluster endpoint in public and private mode. This option allows Kubernetes API calls within your cluster's VPC (such as node-to-control-plane communication) to use the private VPC endpoint and traffic to remain within your cluster's VPC. +Amazon EKS offers public-only, public-and-private, and private-only cluster endpoint modes. The default mode is configured to be private-only in the solution, however we recommend configuring cluster endpoint in public and private mode. This option allows Kubernetes API calls within your cluster’s VPC (such as node-to-control-plane communication) to use the private VPC endpoint and traffic to remain within your cluster’s VPC. @@ -71 +71 @@ You can access your cluster API server from the internet. However, we strongly r -For EKS deployment, the solution requires the user to supply an ARN for the EKS master role. This role, serving as the IAM principal responsible for creating the cluster, is automatically endowed with `system:masters` permissions within the cluster's Role-Based Access Control (RBAC) configuration in the Amazon EKS control panel. For more guidance on how to secure the access for this role, refer to the [EKS best practices](https://aws.github.io/aws-eks-best-practices/security/docs/iam/#create-the-cluster-with-a-dedicated-iam-role) topic. +For EKS deployment, the solution requires the user to supply an ARN for the EKS master role. This role, serving as the IAM principal responsible for creating the cluster, is automatically endowed with `system:masters` permissions within the cluster’s Role-Based Access Control (RBAC) configuration in the Amazon EKS control panel. For more guidance on how to secure the access for this role, refer to the [EKS best practices](https://aws.github.io/aws-eks-best-practices/security/docs/iam/#create-the-cluster-with-a-dedicated-iam-role) topic.