AWS Security ChangesHomeSearch

AWS general documentation change

Service: general · 2025-05-19 · Documentation medium

File: general/latest/gr/ak.md

Summary

Added documentation about required endpoint allowlisting for Kinesis Data Streams operations in strict security environments

Security assessment

The change provides security configuration guidance for network policies but does not address a specific security vulnerability. It enhances documentation about secure service access requirements without referencing any patched issues.

Diff

diff --git a/general/latest/gr/ak.md b/general/latest/gr/ak.md
index 12406a975..ec000ae4d 100644
--- a//general/latest/gr/ak.md
+++ b//general/latest/gr/ak.md
@@ -59,0 +60,11 @@ Shards per Region |  us-east-1: 20,000 us-east-2: 6,000 us-west-2: 20,000 ap-nor
+If you’re using strict security policies that require explicit allowlisting of service endpoints, you must also allowlist the following account-level endpoints to ensure Kinesis Data Streams actions succeed.
+
+  * **Control-plane APIs** : `*.control-kinesis.<Region>.amazonaws.com and *.control-kinesis.<Region>.api.aws`
+
+  * **Data-plane APIs** : `*.data-kinesis.<Region>.amazonaws.com and *.data-kinesis.<Region>.api.aws`
+
+
+
+
+The `.api.aws` endpoints are dual stack endpoints that accept IPv6 requests. 
+