AWS Security ChangesHomeSearch

AWS systems-manager-automation-runbooks documentation change

Service: systems-manager-automation-runbooks · 2025-05-22 · Documentation low

File: systems-manager-automation-runbooks/latest/userguide/automation-awssupport-collectecsinstancelogs.md

Summary

Updated URL reference for Amazon S3 predefined groups documentation from 'dev' to 'userguide' path

Security assessment

The change corrects a documentation link but does not alter security-related content. The existing security checks for S3 bucket policies/ACLs remain unchanged.

Diff

diff --git a/systems-manager-automation-runbooks/latest/userguide/automation-awssupport-collectecsinstancelogs.md b/systems-manager-automation-runbooks/latest/userguide/automation-awssupport-collectecsinstancelogs.md
index 408a20ffd..475abcfdb 100644
--- a//systems-manager-automation-runbooks/latest/userguide/automation-awssupport-collectecsinstancelogs.md
+++ b//systems-manager-automation-runbooks/latest/userguide/automation-awssupport-collectecsinstancelogs.md
@@ -11 +11 @@ The `AWSSupport-CollectECSInstanceLogs` runbook collects operating system and Am
-If you specify a value for the `LogDestination` parameter, the target instance must have the AWS Command Line Interface (AWS CLI) for Linux instances or AWS Tools for Windows PowerShell for Windows instances installed. The automation evaluates the policy status of the Amazon Simple Storage Service (Amazon S3) bucket you specify. To help with the security of the logs gathered from your Amazon EC2 instance, if the policy status `isPublic` is set to `true` , or if the access control list (ACL) grants `READ|WRITE` permissions to the `All Users` Amazon S3 predefined group, the logs are not uploaded. Additionaly, if the provided bucket is not available in your account, the logs are not uploaded. For more information about Amazon S3 predefined g roups, see [ Amazon S3 predefined groups](https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#specifying-grantee-predefined-groups) in the _Amazon Simple Storage Service User Guide_ . 
+If you specify a value for the `LogDestination` parameter, the target instance must have the AWS Command Line Interface (AWS CLI) for Linux instances or AWS Tools for Windows PowerShell for Windows instances installed. The automation evaluates the policy status of the Amazon Simple Storage Service (Amazon S3) bucket you specify. To help with the security of the logs gathered from your Amazon EC2 instance, if the policy status `isPublic` is set to `true` , or if the access control list (ACL) grants `READ|WRITE` permissions to the `All Users` Amazon S3 predefined group, the logs are not uploaded. Additionaly, if the provided bucket is not available in your account, the logs are not uploaded. For more information about Amazon S3 predefined g roups, see [ Amazon S3 predefined groups](https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#specifying-grantee-predefined-groups) in the _Amazon Simple Storage Service User Guide_ .