AWS network-firewall medium security documentation change
Summary
Updated firewall creation documentation with revised subnet requirements, traffic analysis mode clarification, and restructured workflow steps. Added emphasis on dedicated subnets for firewall endpoints and post-creation configuration requirements.
Security assessment
The change explicitly mandates dedicated subnets for firewall endpoints (cannot be shared with other resources), which addresses potential security risks from resource co-location. It also makes firewall policy configuration and route table updates mandatory requirements rather than optional steps, preventing insecure default configurations. These changes directly impact security posture by enforcing isolation and proper traffic routing.