AWS managedservices documentation change
Summary
Updated QuickSight branding and added details about Trusted Remediator-deployed resources including S3 logging bucket and AppConfig application
Security assessment
The change documents infrastructure (S3 logging bucket) used for security-relevant remediation logs, but does not address a specific vulnerability or weakness. Clarifying resource deployment locations improves operational awareness but lacks explicit security controls discussion.
Diff
diff --git a/managedservices/latest/accelerate-guide/tr-faq.md b/managedservices/latest/accelerate-guide/tr-faq.md index 32bce40d3..89e50e58d 100644 --- a//managedservices/latest/accelerate-guide/tr-faq.md +++ b//managedservices/latest/accelerate-guide/tr-faq.md @@ -11 +11 @@ When a non-compliance is identified by Trusted Advisor, Trusted Remediator respo -You have access to Trusted Advisor checks as part of your existing Enterprise Support plan. Trusted Remediator integrates with Trusted Advisor leverage existing AMS automation capabilities. Specifically, AMS uses AWS Systems Manager automation documents (runbooks) for automated remediations. AWS AppConfig is used to configure the remediation workflows. You can view all the current and past remediations through the Systems Manager OpsCenter. The remediation logs are stored in an Amazon S3 bucket. You can use the logs to import and build custom reporting dashboards in Amazon QuickSight. +You have access to Trusted Advisor checks as part of your existing Enterprise Support plan. Trusted Remediator integrates with Trusted Advisor leverage existing AMS automation capabilities. Specifically, AMS uses AWS Systems Manager automation documents (runbooks) for automated remediations. AWS AppConfig is used to configure the remediation workflows. You can view all the current and past remediations through the Systems Manager OpsCenter. The remediation logs are stored in an Amazon S3 bucket. You can use the logs to import and build custom reporting dashboards in QuickSight. @@ -60,0 +61,11 @@ Some Trusted Advisor checks might have the same rule in AWS Config. It's a best +Trusted Remediator deploys the following resources in the Trusted Remediator delegated administrator account: + + * An Amazon S3 bucket named `ams-trusted-remediator-{your-account-id}-logs`. Trusted Remediator creates the `Remediation item log` in JSON format when a remediation OpsItem is created, and uploads the log files to this bucket. + + * An AWS AppConfig application to hold the remediation configurations for supported Trusted Advisor checks. + + + + +Trusted Remediator doesn't deploy resources in the Trusted Remediator member account. +