AWS Security ChangesHomeSearch

AWS prescriptive-guidance documentation change

Service: prescriptive-guidance · 2025-05-13 · Documentation low

File: prescriptive-guidance/latest/patterns/deploy-detective-attribute-based-access-controls-for-public-subnets-by-using-aws-config.md

Summary

Updated documentation to use full service name 'Elastic Load Balancing' instead of 'ELB' acronym and added console links

Security assessment

The changes primarily improve clarity by spelling out service names and adding hyperlinks to AWS service consoles. While the underlying pattern relates to security controls for public subnets, these specific documentation edits don't address new vulnerabilities or security features - they enhance readability and navigation without altering security recommendations.

Diff

diff --git a/prescriptive-guidance/latest/patterns/deploy-detective-attribute-based-access-controls-for-public-subnets-by-using-aws-config.md b/prescriptive-guidance/latest/patterns/deploy-detective-attribute-based-access-controls-for-public-subnets-by-using-aws-config.md
index b9a7bedaa..d7b570665 100644
--- a//prescriptive-guidance/latest/patterns/deploy-detective-attribute-based-access-controls-for-public-subnets-by-using-aws-config.md
+++ b//prescriptive-guidance/latest/patterns/deploy-detective-attribute-based-access-controls-for-public-subnets-by-using-aws-config.md
@@ -13 +13 @@ SummaryPrerequisites and limitationsArchitectureToolsBest practicesEpicsRelated
-Distributed edge network architectures rely on network edge security that runs alongside the workloads in their virtual private clouds (VPCs). This provides unprecedented scalability in comparison to the more common, centralized approach. Although deploying public subnets in workload accounts can provide benefits, it also introduces new security risks because it increases the attack surface. We recommend that you deploy only Elastic Load Balancing (ELB) resources, such as Application Load Balancers, or NAT gateways in the public subnets of these VPCs. Using load balancers and NAT gateways in dedicated public subnets helps you implement fine-grained control for inbound and outbound traffic.
+Distributed edge network architectures rely on network edge security that runs alongside the workloads in their virtual private clouds (VPCs). This provides unprecedented scalability in comparison to the more common, centralized approach. Although deploying public subnets in workload accounts can provide benefits, it also introduces new security risks because it increases the attack surface. We recommend that you deploy only Elastic Load Balancing resources, such as Application Load Balancers, or NAT gateways in the public subnets of these VPCs. Using load balancers and NAT gateways in dedicated public subnets helps you implement fine-grained control for inbound and outbound traffic.
@@ -21 +21 @@ To achieve this, this pattern uses [AWS Config custom rules](https://docs.aws.am
-  2. If the network interface is deployed in a public subnet, the rule checks which AWS service created this resource. If the resource is not an ELB resource or NAT gateway, it marks the resource as noncompliant.
+  2. If the network interface is deployed in a public subnet, the rule checks which AWS service created this resource. If the resource is not an Elastic Load Balancing resource or NAT gateway, it marks the resource as noncompliant.
@@ -96 +96 @@ You can scale this solution by:
-  * [Elastic Load Balancing (ELB)](https://docs.aws.amazon.com/elasticloadbalancing/latest/userguide/what-is-load-balancing.html) distributes incoming application or network traffic across multiple targets. For example, you can distribute traffic across Amazon Elastic Compute Cloud (Amazon EC2) instances, containers, and IP addresses in one or more Availability Zones.
+  * [Elastic Load Balancing](https://docs.aws.amazon.com/elasticloadbalancing/latest/userguide/what-is-load-balancing.html) distributes incoming application or network traffic across multiple targets. For example, you can distribute traffic across Amazon Elastic Compute Cloud (Amazon EC2) instances, containers, and IP addresses in one or more Availability Zones.
@@ -117 +117 @@ Create the Lambda function.|
-  1. Sign in to the AWS Management Console, and then open the AWS Lambda console.
+  1. Sign in to the AWS Management Console, and then open the [AWS Lambda console](https://console.aws.amazon.com/lambda/).
@@ -163 +163 @@ Retrieve the Lambda function Amazon Resource Name (ARN).|
-  1. Open the Lambda console.
+  1. Open the [Lambda console](https://console.aws.amazon.com/lambda/).
@@ -171 +171 @@ Create the AWS Config custom rule.|
-  1. Open the AWS Config console at [https://console.aws.amazon.com/config/]().
+  1. Open the [AWS Config console](https://console.aws.amazon.com/config/).
@@ -201 +201 @@ Create a compliant resource.|
-    1. Open the AWS Config console at [https://console.aws.amazon.com/config/]().
+    1. Open the [AWS Config console](https://console.aws.amazon.com/config/).
@@ -215 +215 @@ Create a noncompliant resource.|
-    1. Open the AWS Config console at [https://console.aws.amazon.com/config/]().
+    1. Open the [AWS Config console](https://console.aws.amazon.com/config/).