AWS Security ChangesHomeSearch

AWS managedservices documentation change

Service: managedservices · 2025-05-10 · Documentation low

File: managedservices/latest/userguide/tr-faq.md

Summary

Added details about resources deployed by Trusted Remediator (S3 bucket for logs, AppConfig application) and clarified deployment scope

Security assessment

The change documents logging infrastructure (S3 bucket for remediation logs) which supports security auditing capabilities. While this enhances transparency about security-related resources, there is no evidence of addressing a specific vulnerability.

Diff

diff --git a/managedservices/latest/userguide/tr-faq.md b/managedservices/latest/userguide/tr-faq.md
index d460cf2a7..fec5d1c77 100644
--- a//managedservices/latest/userguide/tr-faq.md
+++ b//managedservices/latest/userguide/tr-faq.md
@@ -11 +11 @@ When a non-compliance is identified by Trusted Advisor, Trusted Remediator respo
-You have access to Trusted Advisor checks as part of your existing Enterprise Support plan. Trusted Remediator integrates with Trusted Advisor leverage existing AMS automation capabilities. Specifically, AMS uses AWS Systems Manager automation documents (runbooks) for automated remediations. AWS AppConfig is used to configure the remediation workflows. You can view all the current and past remediations through the Systems Manager OpsCenter. The remediation logs are stored in an Amazon S3 bucket. You can use the logs to import and build custom reporting dashboards in Amazon QuickSight.
+You have access to Trusted Advisor checks as part of your existing Enterprise Support plan. Trusted Remediator integrates with Trusted Advisor leverage existing AMS automation capabilities. Specifically, AMS uses AWS Systems Manager automation documents (runbooks) for automated remediations. AWS AppConfig is used to configure the remediation workflows. You can view all the current and past remediations through the Systems Manager OpsCenter. The remediation logs are stored in an Amazon S3 bucket. You can use the logs to import and build custom reporting dashboards in QuickSight.
@@ -26,0 +27,11 @@ You can continue to reach out to AMS through Operations On Demand (OOD) for unsu
+Trusted Remediator deploys the following resources in the Trusted Remediator delegated administrator account:
+
+  * An Amazon S3 bucket named `ams-trusted-remediator-{your-account-id}-logs`. Trusted Remediator creates the `Remediation item log` in JSON format when a remediation OpsItem is created, and uploads the log files to this bucket.
+
+  * An AWS AppConfig application to hold the remediation configurations for supported Trusted Advisor checks.
+
+
+
+
+Trusted Remediator doesn't deploy resources in the Trusted Remediator member account.
+