AWS guardduty documentation change
Summary
Updated documentation links to point to official Amazon EKS Best Practices Guide URLs instead of GitHub repository links. Fixed formatting of guide references (changed &EKS; to __Amazon EKS User Guide__). Corrected a typo ('identyifying' to 'identifying').
Security assessment
Changes improve references to security best practices and incident response procedures but do not address a specific disclosed vulnerability. Updates enhance existing security documentation quality.
Diff
diff --git a/guardduty/latest/ug/guardduty-remediate-kubernetes.md b/guardduty/latest/ug/guardduty-remediate-kubernetes.md index 2ccc5d35c..1baed7f51 100644 --- a/guardduty/latest/ug/guardduty-remediate-kubernetes.md +++ b/guardduty/latest/ug/guardduty-remediate-kubernetes.md @@ -32 +32 @@ Before Kubernetes version 1.14, the `system:unauthenticated` group was associate -For more information about removing these permissions, see [Security best practices for Amazon EKS](https://docs.aws.amazon.com/eks/latest/userguide/security-best-practices.html) in the _Amazon EKS User Guide_. +For more information about removing these permissions, see [Secure Amazon EKS clusters with best practices](https://docs.aws.amazon.com/eks/latest/userguide/security-best-practices.html) in the __Amazon EKS User Guide__. @@ -95 +95 @@ You can use Amazon Detective to further investigate the IAM role or user identif -**AWS-Auth ConfigMap defined user** – An IAM user that was granted access through an AWS-auth ConfigMap. For more information, see [Managing users or IAM roles for your cluster](https://docs.aws.amazon.com/eks/latest/userguide/add-user-role.html) in the &EKS; user guide. You can review their permissions using the following command: `kubectl edit configmaps aws-auth --namespace kube-system` +**AWS-Auth ConfigMap defined user** – An IAM user that was granted access through an AWS-auth ConfigMap. For more information, see [Managing users or IAM roles for your cluster](https://docs.aws.amazon.com/eks/latest/userguide/add-user-role.html) in the __Amazon EKS User Guide__. You can review their permissions using the following command: `kubectl edit configmaps aws-auth --namespace kube-system` @@ -174 +174 @@ If the `type` field inside the `resource.kubernetesDetails.kubernetesWorkloadDet -For information about identifying the worker node running the pods, see [Identify the offending pods and worker node](https://aws.github.io/aws-eks-best-practices/security/docs/incidents/#identify-the-offending-pod-and-worker-node). +For information about identifying the worker node running the pods, see [Identify the offending pods and worker node](https://docs.aws.amazon.com/eks/latest/best-practices/incident-response-and-forensics.html#_identify_the_offending_pod_and_worker_node) in the _Amazon EKS Best Practices Guide_. @@ -181 +181 @@ If the `type` field inside the `resource.kubernetesDetails.kubernetesWorkloadDet -For information about identifying all the pods of the workload resource and the nodes on which they are running, see [Identify the offending pods and worker nodes using workload name](https://aws.github.io/aws-eks-best-practices/security/docs/incidents/#identify-the-offending-pods-and-worker-nodes-using-workload-name). +For information about identifying all the pods of the workload resource and the nodes on which they are running, see [Identify the offending pods and worker nodes using workload name](https://docs.aws.amazon.com/eks/latest/best-practices/incident-response-and-forensics.html#_identify_the_offending_pods_and_worker_nodes_using_workload_name) in the _Amazon EKS Best Practices Guide_. @@ -188 +188 @@ If a GuardDuty finding identifies a Service Account in the `resource.kubernetesD -For information about identyifying all the pods using the service account and the nodes on which they are running, see [Identify the offending pods and worker nodes using service account name](https://aws.github.io/aws-eks-best-practices/security/docs/incidents/#identify-the-offending-pods-and-worker-nodes-using-service-account-name). +For information about identifying all the pods using the service account and the nodes on which they are running, see [Identify the offending pods and worker nodes using service account name](https://docs.aws.amazon.com/eks/latest/best-practices/incident-response-and-forensics.html#_identify_the_offending_pods_and_worker_nodes_using_service_account_name) in the _Amazon EKS Best Practices Guide_. @@ -190 +190 @@ For information about identyifying all the pods using the service account and th -After you have identified all the compromised pods and the nodes on which they are running, see [Amazon EKS best practices guide](https://aws.github.io/aws-eks-best-practices/security/docs/incidents/#isolate-the-pod-by-creating-a-network-policy-that-denies-all-ingress-and-egress-traffic-to-the-pod) to isolate the pod, rotate its credentials, and gather data for forensic analysis. +After you have identified all the compromised pods and the nodes on which they are running, see [Isolate the pod by creating a network policy that denies all ingress and egress traffic to the pod](https://docs.aws.amazon.com/eks/latest/best-practices/incident-response-and-forensics.html#_isolate_the_pod_by_creating_a_network_policy_that_denies_all_ingress_and_egress_traffic_to_the_pod) in the _Amazon EKS Best Practices Guide_. @@ -200 +200 @@ After you have identified all the compromised pods and the nodes on which they a -For more information, see [Redeploy compromised pod or workload resource](https://github.com/aws/aws-eks-best-practices/blob/master/content/security/docs/incidents.md#redeploy-compromised-pod-or-workload-resource). +For more information, see [Redeploy compromised pod or workload resource](https://docs.aws.amazon.com/eks/latest/best-practices/incident-response-and-forensics.html#_redeploy_compromised_pod_or_workload_resource) in the _Amazon EKS Best Practices Guide_. @@ -217 +217 @@ When a GuardDuty finding indicates a pod compromise, the image used to launch th -For more information, see [Identify pods with potentially vulnerable or compromised container images and worker nodes](https://aws.github.io/aws-eks-best-practices/security/docs/incidents/#identify-pods-with-vulnerable-or-compromised-images-and-worker-nodes). +For more information, see [Identify pods with vulnerable or compromised images and worker nodes](https://docs.aws.amazon.com/eks/latest/best-practices/incident-response-and-forensics.html#_identify_pods_with_vulnerable_or_compromised_images_and_worker_nodes) in the _Amazon EKS Best Practices Guide_. @@ -219 +219 @@ For more information, see [Identify pods with potentially vulnerable or compromi - 3. Isolate the potentially compromised pods, rotate credentials, and gather data for analysis. For more information, see [Amazon EKS best practices guide](https://aws.github.io/aws-eks-best-practices/security/docs/incidents/#isolate-the-pod-by-creating-a-network-policy-that-denies-all-ingress-and-egress-traffic-to-the-pod). + 3. Isolate the potentially compromised pods, rotate credentials, and gather data for analysis. For more information, see [Isolate the pod by creating a network policy that denies all ingress and egress traffic to the pod](https://docs.aws.amazon.com/eks/latest/best-practices/incident-response-and-forensics.html#_isolate_the_pod_by_creating_a_network_policy_that_denies_all_ingress_and_egress_traffic_to_the_pod) in the _Amazon EKS Best Practices Guide_. @@ -238 +238 @@ A finding indicates the use of a privileged container if one or more of the cont -For more information, see [Amazon EKS best practices guide](https://aws.github.io/aws-eks-best-practices/security/docs/incidents/#isolate-the-pod-by-creating-a-network-policy-that-denies-all-ingress-and-egress-traffic-to-the-pod). +For more information, see [Isolate the pod by creating a network policy that denies all ingress and egress traffic to the pod](https://docs.aws.amazon.com/eks/latest/best-practices/incident-response-and-forensics.html#_isolate_the_pod_by_creating_a_network_policy_that_denies_all_ingress_and_egress_traffic_to_the_pod) in the _Amazon EKS Best Practices Guide_.