AWS Security ChangesHomeSearch

AWS AmazonECS documentation change

Service: AmazonECS · 2025-05-16 · Documentation low

File: AmazonECS/latest/developerguide/security-network.md

Summary

Fixed typos and improved clarity in network security documentation (TLS certificates, firewalls, AWS PrivateLink)

Security assessment

The changes correct grammatical errors and clarify existing security practices (TLS certificate management, firewall rules, PrivateLink usage) but do not introduce new security features or address specific vulnerabilities. The documentation improvements reinforce existing security guidance.

Diff

diff --git a/AmazonECS/latest/developerguide/security-network.md b/AmazonECS/latest/developerguide/security-network.md
index 0d490e32f..c17c4eec0 100644
--- a//AmazonECS/latest/developerguide/security-network.md
+++ b//AmazonECS/latest/developerguide/security-network.md
@@ -35 +35 @@ The Application Load Balancer (ALB) and Network Load Balancer (NLB) support Serv
-This involves deploying a TLS certificate with the task. This can either be a self-signed certificate or a certificate from a trusted certificate authority. You can obtain the certificate by referencing a secret for the certificate. Otherwise, you can choose to run an container that issues a Certificate Signing Request (CSR) to ACM and then mounts the resulting secret to a shared volume.
+This involves deploying a TLS certificate with the task. This can either be a self-signed certificate or a certificate from a trusted certificate authority. You can obtain the certificate by referencing a secret for the certificate. Otherwise, you can choose to run a container that issues a Certificate Signing Request (CSR) to ACM and then mounts the resulting secret to a shared volume.
@@ -52 +52 @@ We recommend that you configure your tasks to use the `awsvpc` network mode. Aft
-If you use a custom firewall with tasks or sevices, add an outbound rule to allow traffic for the Amazon ECS agent management endpoints ("`ecs-a-*.`region`.amazonaws.com`"), telemetry endpoints ("`ecs-t-*.`region`.amazonaws.com`"), and the Service Connect Envoy management endpoints ("`ecs-sc.`region`.api.aws`").
+If you use a custom firewall with tasks or services, add an outbound rule to allow traffic for the Amazon ECS agent management endpoints ("`ecs-a-*.`region`.amazonaws.com`"), telemetry endpoints ("`ecs-t-*.`region`.amazonaws.com`"), and the Service Connect Envoy management endpoints ("`ecs-sc.`region`.api.aws`").
@@ -60 +60 @@ AWS PrivateLink is a networking technology that allows you to create private end
-AWS Fargate tasks don't require a AWS PrivateLink endpoint for Amazon ECS.
+AWS Fargate tasks don't require an AWS PrivateLink endpoint for Amazon ECS.
@@ -114 +114 @@ You should create clusters in separate Amazon VPCs when network traffic needs to
-You should configure AWS PrivateLink endpoints endpoints when warranted. If your security policy prevents you from attaching an Internet Gateway (IGW) to your Amazon VPCs, configure AWS PrivateLink endpoints for Amazon ECS and other services such as Amazon ECR, AWS Secrets Manager, and Amazon CloudWatch.
+You should configure AWS PrivateLink endpoints when warranted. If your security policy prevents you from attaching an Internet Gateway (IGW) to your Amazon VPCs, configure AWS PrivateLink endpoints for Amazon ECS and other services such as Amazon ECR, AWS Secrets Manager, and Amazon CloudWatch.