AWS Security ChangesHomeSearch

AWS prescriptive-guidance documentation change

Service: prescriptive-guidance · 2025-04-11 · Documentation low

File: prescriptive-guidance/latest/security-reference-architecture/security-services.md

Summary

Updated quotation marks from smart quotes to regular quotes in two example questions

Security assessment

Purely typographical changes to standardize quote formatting, no security content modifications or vulnerability references

Diff

diff --git a/prescriptive-guidance/latest/security-reference-architecture/security-services.md b/prescriptive-guidance/latest/security-reference-architecture/security-services.md
index 9159f9316..567d378f7 100644
--- a//prescriptive-guidance/latest/security-reference-architecture/security-services.md
+++ b//prescriptive-guidance/latest/security-reference-architecture/security-services.md
@@ -14 +14 @@ As described in a [previous section](./value.html), customers are looking for an
-As a complement to this functional view, you can also view your security with a cross-cutting, structural view. That is, in addition to asking, “Which AWS services should I use to control and protect my identities, logical access, or threat detection mechanisms?”, you can also ask, “Which AWS services should I apply across my entire AWS organization? What are the layers of defense I should put in place to protect the Amazon EC2 instances at the core of my application?” In this view, you map AWS services and features to layers in your AWS environment. Some services and features are a great fit for implementing controls across your full AWS organization. For example, blocking public access to Amazon S3 buckets is a specific control at this layer. It should preferably be done at the root organization instead of being part of the individual account setup. Other services and features are best used to help protect individual resources within an AWS account. Implementing a subordinate certificate authority (CA) within an account that requires private TLS certificates is an example of this category. Another equally important grouping consists of services that have an effect on the virtual network layer of your AWS infrastructure. The following diagram shows six layers in a typical AWS environment: AWS organization, organizational unit (OU), account, network infrastructure, principals, and resources.
+As a complement to this functional view, you can also view your security with a cross-cutting, structural view. That is, in addition to asking, "Which AWS services should I use to control and protect my identities, logical access, or threat detection mechanisms?", you can also ask, "Which AWS services should I apply across my entire AWS organization? What are the layers of defense I should put in place to protect the Amazon EC2 instances at the core of my application?" In this view, you map AWS services and features to layers in your AWS environment. Some services and features are a great fit for implementing controls across your full AWS organization. For example, blocking public access to Amazon S3 buckets is a specific control at this layer. It should preferably be done at the root organization instead of being part of the individual account setup. Other services and features are best used to help protect individual resources within an AWS account. Implementing a subordinate certificate authority (CA) within an account that requires private TLS certificates is an example of this category. Another equally important grouping consists of services that have an effect on the virtual network layer of your AWS infrastructure. The following diagram shows six layers in a typical AWS environment: AWS organization, organizational unit (OU), account, network infrastructure, principals, and resources.
@@ -18 +18 @@ As a complement to this functional view, you can also view your security with a
-Understanding the services in this structural context, including the controls and protections at each layer, helps you plan and implement a defense-in-depth strategy across your AWS environment. With this perspective, you can answer questions both from the top down (for example, “Which services am I using to implement security controls across my entire AWS organization?”) and from the bottom up (for example, “Which services manage controls on this EC2 instance?”). In this section, we walk through the elements of an AWS environment and identify associated security services and features. Of course, some AWS services have broad feature sets and support multiple security objectives. These services might support multiple elements of your AWS environment.
+Understanding the services in this structural context, including the controls and protections at each layer, helps you plan and implement a defense-in-depth strategy across your AWS environment. With this perspective, you can answer questions both from the top down (for example, "Which services am I using to implement security controls across my entire AWS organization?") and from the bottom up (for example, "Which services manage controls on this EC2 instance?"). In this section, we walk through the elements of an AWS environment and identify associated security services and features. Of course, some AWS services have broad feature sets and support multiple security objectives. These services might support multiple elements of your AWS environment.