AWS Security ChangesHomeSearch

AWS solutions documentation change

Service: solutions · 2025-03-30 · Documentation low

File: solutions/latest/connected-mobility-solution-on-aws/features-and-benefits.md

Summary

Added multi-account deployment details, restructured security sections (OAuth 2.0, RBAC, network security), expanded authentication documentation, and added new fleet management UI section

Security assessment

Changes enhance documentation of security features including Role-Based Access Control, cross-account authorization, and authentication mechanisms, but no evidence of addressing specific vulnerabilities

Diff

diff --git a/solutions/latest/connected-mobility-solution-on-aws/features-and-benefits.md b/solutions/latest/connected-mobility-solution-on-aws/features-and-benefits.md
index 54519d9e1..418d9aa64 100644
--- a/solutions/latest/connected-mobility-solution-on-aws/features-and-benefits.md
+++ b/solutions/latest/connected-mobility-solution-on-aws/features-and-benefits.md
@@ -16,0 +17,4 @@ Deploying a complex modular system demands a well-defined and streamlined method
+**Multi-Account Multi-Region Deployments**
+
+The Automotive Cloud Developer Portal provides an optional feature that allows user to deploy modules through Backstage into other AWS accounts and regions. Users can select target accounts and regions at deploy time. This is supported by AWS Control Tower, and required a more advanced deployment structure to support cross-account authorization.
+
@@ -21,3 +25 @@ CMS on AWS provides a mechanism to associate deployments of CMS on AWS modules w
-**OAuth 2.0 authentication**
-
-CMS on AWS provides a default deployment of authentication infrastructure through [Amazon Cognito](https://aws.amazon.com/cognito/) or the ability to integrate with customer’s own IdP services. The IdP chosen can be used for both CMS on AWS users and services to authenticate by retrieving access tokens and JSON Web Tokens (JWTs). CMS on AWS then provides the means to validate the integrity of access tokens with the chosen IdP. The chosen IdP can be used to sign in users to the Backstage portal.
+**OAuth 2.0 Authentication**
@@ -25 +27 @@ CMS on AWS provides a default deployment of authentication infrastructure throug
-**Network security**
+CMS on AWS provides a default deployment of authentication infrastructure through [Amazon Cognito](https://aws.amazon.com/cognito/) or the ability to integrate with customer’s own IdP services. The IdP chosen can be used for both CMS on AWS users and services to authenticate by retrieving access tokens and JSON Web Tokens (JWTs). CMS on AWS then provides the means to validate the integrity of access tokens with the chosen IdP. The chosen IdP is also used to authenticate (e.g. sign in) users to the Backstage portal.
@@ -27 +29 @@ CMS on AWS provides a default deployment of authentication infrastructure throug
-CMS on AWS provides a default VPC or the ability to bring your own VPC to secure the AWS resources deployed in your account. The default VPC provides public, private and isolated subnets in two Availability Zones (AZs). This enables a highly available and secure cloud network. Modules then use these subnets to manage security accordingly.
+**Role-Based Access Control Authorization**
@@ -29 +31 @@ CMS on AWS provides a default VPC or the ability to bring your own VPC to secure
-**Vehicle provisioning**
+The ACDP / Backstage deployment within CMS on AWS includes authorization by default that protects access to all parts of the Backstage system, including for authenticated users. Users can be granted permissions, defined by Backstage and plugin creators, to access different parts of the Backstage frontend and backend APIs. Permissions are grouped into roles, which can be assigned to users and groups, all via a user friendly UI. Although advanced user and group creation and management is not yet supported, all authenticated users who successfully sign-in to the Backstage portal will have a user created for them which can be given authorization permissions.
@@ -31 +33 @@ CMS on AWS provides a default VPC or the ability to bring your own VPC to secure
-CMS on AWS registers vehicles as AWS IoT Core things to help you securely monitor vehicles, their certificates, and their policies. Vehicle provisioning begins by registering with a claim certificate that the solution generates during deployment. The claim certificate includes a provisioning template that configures AWS IoT Core thing, certificate, and policy creation. After the certificate is registered, the solution provides provisioned vehicles an individual certificate and public/private key pair, which you can use to connect repeatedly in the future. This is the process defined by [fleet provisioning](https://docs.aws.amazon.com/iot/latest/developerguide/provision-wo-cert.html).
+**Network Security**
@@ -33 +35 @@ CMS on AWS registers vehicles as AWS IoT Core things to help you securely monito
-  * Storage*
+CMS on AWS provides a default VPC or the ability to bring your own VPC to secure the AWS resources deployed in your account. The default VPC provides public, private and isolated subnets in two Availability Zones (AZs). This enables a highly available and secure cloud network. Modules then use these subnets to manage security accordingly.
@@ -34,0 +37 @@ CMS on AWS registers vehicles as AWS IoT Core things to help you securely monito
+**Vehicle Provisioning**
@@ -35,0 +39 @@ CMS on AWS registers vehicles as AWS IoT Core things to help you securely monito
+CMS on AWS registers vehicles as AWS IoT Core things to help you securely monitor vehicles, their certificates, and their policies. Vehicle provisioning begins by registering with a claim certificate that the solution generates during deployment. The claim certificate includes a provisioning template that configures AWS IoT Core thing, certificate, and policy creation. After the certificate is registered, the solution provides provisioned vehicles an individual certificate and public/private key pair, which you can use to connect repeatedly in the future. This is the process defined by [fleet provisioning](https://docs.aws.amazon.com/iot/latest/developerguide/provision-wo-cert.html).
@@ -36,0 +41 @@ CMS on AWS registers vehicles as AWS IoT Core things to help you securely monito
+**Storage**
@@ -44,4 +49 @@ CMS on AWS provides the ability to query vehicle data stored within the solution
-  * Alerts*
-
-
-
+**Alerts**
@@ -51 +53 @@ CMS on AWS provides the ability to send alerts based on customizable user subscr
-**Electric Vehicle battery health**
+**Electric Vehicle Battery Health**
@@ -59 +61 @@ For both developers and customers, it is important to have a method for generati
-**Metric and cost monitoring**
+**Metric and Cost Monitoring**
@@ -63 +65 @@ This solution includes a [Service Catalog AppRegistry](https://docs.aws.amazon.c
-**Predictive maintenance**
+**Predictive Maintenance**
@@ -66,0 +69,4 @@ CMS on AWS provides an MLOps infrastructure that offers the capability to train,
+**Fleet management UI**
+
+CMS on AWS provides a user interface that offers the capability to manage vehicles and fleets in AWS IoT FleetWise. Additionally, you can build out widgets and insert them into the UI to monitor your fleet and vehicle via captured telemetry.
+