AWS solutions documentation change
Summary
Added sections on deploying in a dedicated AWS account and AWS security best practices
Security assessment
The change documents security best practices (e.g., account isolation, access controls) but does not fix a specific security issue.
Diff
diff --git a/solutions/latest/clickstream-analytics-on-aws/security-1.md b/solutions/latest/clickstream-analytics-on-aws/security-1.md index ca91760f9..43ab48216 100644 --- a//solutions/latest/clickstream-analytics-on-aws/security-1.md +++ b//solutions/latest/clickstream-analytics-on-aws/security-1.md @@ -5 +5 @@ -IAM RolesAmazon VPCSecurity GroupsAmazon CloudFront +Deploy in a Dedicated AWS AccountAWS Security Best PracticesIAM RolesAmazon VPCSecurity GroupsAmazon CloudFront @@ -10,0 +11,21 @@ When you build systems on AWS infrastructure, security responsibilities are shar +## Deploy in a Dedicated AWS Account + +Consider deploying the solution in a dedicated AWS account. This option may be desired by some organizations because the application needs access to other resources within the account to function properly. By isolating the application in its own account, you can minimize potential security risks, and constrain access and permissions. A dedicated account adds a layer of security isolation. This approach helps prevent unintended access to other resources and reduces the potential impact of any security incidents. + +## AWS Security Best Practices + +Consider the following when setting up your dedicated application account: + + 1. Select a new or existing AWS account that you can dedicate solely to running the Clickstream stack. + + 2. Secure this account with strong access controls, MFA and follow AWS security best practices. + + 3. Limit access to this account to only those team members who need it for managing and maintaining the application. + + 4. Regularly review and audit the account’s configuration and access patterns to maintain a strong security posture. + + + + +By following this deployment strategy, you can enhance the security posture of your solution implementation and better protect your AWS environment. +