AWS Security ChangesHomeSearch

AWS devicefarm documentation change

Service: devicefarm · 2025-03-26 · Documentation medium

File: devicefarm/latest/developerguide/infrastructure-security.md

Summary

Added VPC security guidance with security groups and network ACLs for desktop browser testing

Security assessment

Enhanced documentation about securing test instances but no specific vulnerability addressed

Diff

diff --git a/devicefarm/latest/developerguide/infrastructure-security.md b/devicefarm/latest/developerguide/infrastructure-security.md
index 06329dd74..09b9dd20a 100644
--- a/devicefarm/latest/developerguide/infrastructure-security.md
+++ b/devicefarm/latest/developerguide/infrastructure-security.md
@@ -38 +38 @@ All traffic to Selenium WebDriver controllers must be made through the HTTPS end
-The desktop browser testing feature does not support Amazon VPC endpoint configuration at this time. You are responsible for making sure that each Device Farm test instance has secure access to resources it tests.
+You are responsible for making sure that each Device Farm test instance has secure access to resources it tests. By default, Device Farm's desktop browser testing instances have access to the public internet. When you attach your instance to a VPC, it behaves like any other EC2 instance, with access to resources determined by the VPC's configuration and its associated networking components. AWS provides [security groups](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-security-groups.html) and [network Access Control Lists (ACLs)](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html) to increase security in your VPC. Security groups control inbound and outbound traffic for your resources, and network ACLs control inbound and outbound traffic for your subnets. Security groups provide enough access control for most subnets. You can use network ACLs if you want an additional layer of security for your VPC. For general guidelines on security best practices when using Amazon VPCs, see [security best practices ](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-security-best-practices.html) for your VPC in the  _Amazon Virtual Private Cloud User Guide_.