AWS Security ChangesHomeSearch

AWS deadline-cloud documentation change

Service: deadline-cloud · 2025-04-23 · Documentation low

File: deadline-cloud/latest/userguide/submitter.md

Summary

Added security best practices reference, expanded OS support to include MacOS, consolidated software verification steps into a linked security document, and updated installation instructions for multiple platforms.

Security assessment

The changes include adding a link to security best practices for workstation security and consolidating installer verification procedures into a dedicated security guide. While these updates improve security documentation accessibility, there is no evidence of addressing a specific vulnerability. The removal of OS restrictions and addition of MacOS support are feature enhancements unrelated to security.

Diff

diff --git a/deadline-cloud/latest/userguide/submitter.md b/deadline-cloud/latest/userguide/submitter.md
index 266a83d36..fe44de4cd 100644
--- a//deadline-cloud/latest/userguide/submitter.md
+++ b//deadline-cloud/latest/userguide/submitter.md
@@ -16,0 +17,2 @@ Each workstation must have the DCC installed before installing the corresponding
+We provide reasonable defaults for keeping workstations secure. For more information about securing your workstation, see [Security best practices \- workstations](https://docs.aws.amazon.com/security-best-practices.html#workstations).
+
@@ -36 +38 @@ The following sections guide you through the steps to install the Deadline Cloud
-Before you can install the Deadline Cloud submitter, you must download the submitter installer. Currently, the Deadline Cloud submitter installer only supports Windows and Linux.
+Before you can install the Deadline Cloud submitter, you must download the submitter installer.
@@ -42,148 +44 @@ Before you can install the Deadline Cloud submitter, you must download the submi
-  3. Locate the **Deadline Cloud submitter installer** section.
-
-  4. Select the **installer** for your computer's operating system, and then choose **Download**.
-
-
-
-
-### (Optional) Verify the authenticity of the downloaded software
-
-To verify that the software you downloaded is authentic, use the following procedure for either Windows or Linux. You might want to do this to ensure no one has tampered with the files during or after the download process.
-
-You can use these instructions to first verify the installer, and then verify the Deadline Cloud monitor after you download it in  Step 2: Install and set up Deadline Cloud monitor.
-
-Windows
-    
-
-To verify the authenticity of your downloaded files, complete the following steps.
-
-  1. In the following command, replace ``file`` with the file that you want to verify. For example, ` `C:\PATH\TO\MY\`DeadlineCloudSubmitter-windows-x64-installer.exe `. Also, replace ``signtool-sdk-version`` with the version of the SignTool SDK installed. For example, `10.0.22000.0`.
-
-`"C:\Program Files (x86)\Windows Kits\10\bin\`signtool-sdk-version`\x86\signtool.exe" verify /v`file``
-
-  2. For example, you can verify the Deadline Cloud submitter installer file by running the following command:
-
-`"C:\Program Files (x86)\Windows Kits\10\bin\10.0.22000.0\x86\signtool.exe" verify /v DeadlineCloudSubmitter-windows-x64-installer.exe`
-
-
-
-
-Linux
-    
-
-To verify the authenticity of your downloaded files, use the `gpg` command line tool.
-
-  1. Import the `OpenPGP` key by running the following command:
-    
-         gpg --import --armor <<EOF
-    -----BEGIN PGP PUBLIC KEY BLOCK-----
-    
-    mQINBGX6GQsBEADduUtJgqSXI+q76O6fsFwEYKmbnlyL0xKvlq32EZuyv0otZo5L
-    le4m5Gg52AzrvPvDiUTLooAlvYeozaYyirIGsK08Ydz0Ftdjroiuh/mw9JSJDJRI
-    rnRn5yKet1JFezkjopA3pjsTBP6lW/mb1bDBDEwwwtH0x9lV7A03FJ9T7Uzu/qSh
-    qO/UYdkafro3cPASvkqgDt2tCvURfBcUCAjZVFcLZcVD5iwXacxvKsxxS/e7kuVV
-    I1+VGT8Hj8XzWYhjCZxOLZk/fvpYPMyEEujN0fYUp6RtMIXve0C9awwMCy5nBG2J
-    eE2Ol5DsCpTaBd4Fdr3LWcSs8JFA/YfP9auL3NczOozPoVJt+fw8CBlVIXO0J7l5
-    hvHDjcC+5v0wxqAlMG6+f/SX7CT8FXK+L3iOJ5gBYUNXqHSxUdv8kt76/KVmQa1B
-    Akl+MPKpMq+lhw++S3G/lXqwWaDNQbRRw7dSZHymQVXvPp1nsqc3hV7KlOM+6s6g
-    1g4mvFY4lf6DhptwZLWyQXU8rBQpojvQfiSmDFrFPWFi5BexesuVnkGIolQoklKx
-    AVUSdJPVEJCteyy7td4FPhBaSqT5vW3+ANbr9b/uoRYWJvn17dN0cc9HuRh/Ai+I
-    nkfECo2WUDLZ0fEKGjGyFX+todWvJXjvc5kmE9Ty5vJp+M9Vvb8jd6t+mwARAQAB
-    tCxBV1MgRGVhZGxpbmUgQ2xvdWQgPGF3cy1kZWFkbGluZUBhbWF6b24uY29tPokC
-    VwQTAQgAQRYhBLhAwIwpqQeWoHH6pfbNPOa3bzzvBQJl+hkLAxsvBAUJA8JnAAUL
-    CQgHAgIiAgYVCgkICwIDFgIBAh4HAheAAAoJEPbNPOa3bzzvKswQAJXzKSAY8sY8
-    F6Eas2oYwIDDdDurs8FiEnFghjUEO6MTt9AykF/jw+CQg2UzFtEyObHBymhgmhXE
-    3buVeom96tgM3ZDfZu+sxi5pGX6oAQnZ6riztN+VpkpQmLgwtMGpSMLl3KLwnv2k
-    WK8mrR/fPMkfdaewB7A6RIUYiW33GAL4KfMIs8/vIwIJw99NxHpZQVoU6dFpuDtE
-    1OuxGcCqGJ7mAmo6H/YawSNp2Ns80gyqIKYo7o3LJ+WRroIRlQyctq8gnR9JvYXX
-    42ASqLq5+OXKo4qh81blXKYqtc176BbbSNFjWnzIQgKDgNiHFZCdcOVgqDhwO15r
-    NICbqqwwNLj/Fr2kecYx180Ktpl0jOOw5IOyh3bf3MVGWnYRdjvA1v+/CO+55N4g
-    z0kf50Lcdu5RtqV10XBCifn28pecqPaSdYcssYSRl5DLiFktGbNzTGcZZwITTKQc
-    af8PPdTGtnnb6P+cdbW3bt9MVtN5/dgSHLThnS8MPEuNCtkTnpXshuVuBGgwBMdb
-    qUC+HjqvhZzbwns8dr5WI+6HWNBFgGANn6ageYl58vVp0UkuNP8wcWjRARciHXZx
-    ku6W2jPTHDWGNrBQO2Fx7fd2QYJheIPPAShHcfJO+xgWCof45D0vAxAJ8gGg9Eq+
-    gFWhsx4NSHn2gh1gDZ41Ou/4exJ1lwPM
-    =uVaX
-    -----END PGP PUBLIC KEY BLOCK-----
-    EOF
-
-  2. Determine whether to trust the `OpenPGP` key. Some factors to consider when deciding whether to trust the above key include the following:
-
-     * The internet connection you’ve used to obtain the GPG key from this website is secure.
-
-     * The device that you are accessing this website on is secure.
-
-     * AWS has taken measures to secure the hosting of the `OpenPGP` public key on this website.
-
-  3. If you decide to trust the OpenPGP key, edit the key to trust with `gpg` similar to the following example:
-    
-        $ gpg --edit-key 0xB840C08C29A90796A071FAA5F6CD3CE6B76F3CEF
-    
-        gpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc.
-        This is free software: you are free to change and redistribute it.
-        There is NO WARRANTY, to the extent permitted by law.
-    
-    
-        pub  4096R/4BF0B8D2  created: 2023-06-23  expires: 2025-06-22  usage: SCEA
-                             trust: unknown       validity: unknown
-        [ unknown] (1). AWS Deadline Cloud [email protected]
-    
-        gpg> trust
-        pub  4096R/4BF0B8D2  created: 2023-06-23  expires: 2025-06-22  usage: SCEA
-                             trust: unknown       validity: unknown
-        [ unknown] (1). AWS Deadline Cloud [email protected]
-    
-        Please decide how far you trust this user to correctly verify other users' keys
-        (by looking at passports, checking fingerprints from different sources, etc.)
-    
-          1 = I don't know or won't say
-          2 = I do NOT trust
-          3 = I trust marginally
-          4 = I trust fully
-          5 = I trust ultimately
-          m = back to the main menu
-    
-        Your decision? 5
-        Do you really want to set this key to ultimate trust? (y/N) y
-    
-        pub  4096R/4BF0B8D2  created: 2023-06-23  expires: 2025-06-22  usage: SCEA
-                             trust: ultimate      validity: unknown
-        [ unknown] (1). AWS Deadline Cloud [email protected]
-        Please note that the shown key validity is not necessarily correct
-        unless you restart the program.
-    
-        gpg> quit
-
-  4. ###### Verify the Deadline Cloud submitter installer
-
-To verify the Deadline Cloud submitter installer, complete the following steps:
-
-    1. Return to the Deadline Cloud [console](https://console.aws.amazon.com/deadlinecloud/home) **Downloads** page and download the signature file for the Deadline Cloud submitter installer.
-
-    2. Verify the signature of the Deadline Cloud submitter installer by running:
-        
-                gpg --verify ./DeadlineCloudSubmitter-linux-x64-installer.run.sig ./DeadlineCloudSubmitter-linux-x64-installer.run
-
-  5. ###### Verify the Deadline Cloud monitor
-
-###### Note
-
-You can verify the Deadline Cloud monitor download using signature files or platform specific methods. For platform specific methods, see the Linux (Debian) tab, the Linux (RPM) tab, or the Linux (AppImage) tab based on your downloaded file type. 
-
-To verify the Deadline Cloud monitor desktop application with signature files, complete the following steps:
-
-    1. Return to the Deadline Cloud [console](https://console.aws.amazon.com/deadlinecloud/home) **Downloads** page and download the corresponding .sig file, and then run
-
-**For .deb:**
-        
-                gpg --verify ./deadline-cloud-monitor_<APP_VERSION>_amd64.deb.sig ./deadline-cloud-monitor_<APP_VERSION>_amd64.deb
-
-**For .rpm:**
-        
-                gpg --verify ./deadline-cloud-monitor_<APP_VERSION>_x86_64.deb.sig ./deadline-cloud-monitor_<APP_VERSION>_x86_64.rpm
-
-**For .AppImage:**
-        
-                gpg --verify ./deadline-cloud-monitor_<APP_VERSION>_amd64.AppImage.sig ./deadline-cloud-monitor_<APP_VERSION>_amd64.AppImage
-
-    2. Confirm that the output looks similar to the following:
+  3. From the Deadline Cloud submitter installer section, select the **installer** for your computer's operating system, and then choose **Download**.
@@ -191,74 +46 @@ To verify the Deadline Cloud monitor desktop application with signature files, c
-`gpg: Signature made Mon Apr 1 21:10:14 2024 UTC`
-
-`gpg: using RSA key B840C08C29A90796A071FAA5F6CD3CE6B7`
-
-If the output contains the phrase `Good signature from "AWS Deadline Cloud"`, it means that the signature has successfully been verified and you can run the Deadline Cloud monitor installation script.
-
-
-
-
-Linux (AppImage)
-    
-
-To verify packages that use a Linux .AppImage binary, first complete steps 1-3 in the Linux tab, then complete the following steps.
-
-  1. From the AppImageUpdate [page](https://github.com/AppImageCommunity/AppImageUpdate/releases/tag/continuous) in GitHub, download the **validate-x86_64.AppImage** file.
-
-  2. After downloading the file, to add execute permissions, run the following command.
-    
-        chmod a+x ./validate-x86_64.AppImage
-
-  3. To add execute permissions, run the following command.
-    
-        chmod a+x ./deadline-cloud-monitor_<APP_VERSION>_amd64.AppImage
-
-  4. To verify the Deadline Cloud monitor signature, run the following command.
-    
-        ./validate-x86_64.AppImage ./deadline-cloud-monitor_<APP_VERSION>_amd64.AppImage
-
-If the output contains the phrase `Validation successful`, it means that the signature has successfully been verified and you can safely run the Deadline Cloud monitor installation script.
-
-
-
-
-Linux (Debian)
-    
-
-To verify packages that use a Linux .deb binary, first complete steps 1-3 in the Linux tab.
-
-**dpkg** is the core package management tool in most debian based Linux distributions. You can verify the .deb file with the tool.