AWS general documentation change
Summary
Added documentation about required endpoint allowlisting for Kinesis Data Streams operations in strict security environments
Security assessment
The change provides security configuration guidance for network policies but does not address a specific security vulnerability. It enhances documentation about secure service access requirements without referencing any patched issues.
Diff
diff --git a/general/latest/gr/ak.md b/general/latest/gr/ak.md index 12406a975..ec000ae4d 100644 --- a//general/latest/gr/ak.md +++ b//general/latest/gr/ak.md @@ -59,0 +60,11 @@ Shards per Region | us-east-1: 20,000 us-east-2: 6,000 us-west-2: 20,000 ap-nor +If you’re using strict security policies that require explicit allowlisting of service endpoints, you must also allowlist the following account-level endpoints to ensure Kinesis Data Streams actions succeed. + + * **Control-plane APIs** : `*.control-kinesis.<Region>.amazonaws.com and *.control-kinesis.<Region>.api.aws` + + * **Data-plane APIs** : `*.data-kinesis.<Region>.amazonaws.com and *.data-kinesis.<Region>.api.aws` + + + + +The `.api.aws` endpoints are dual stack endpoints that accept IPv6 requests. +