AWS elasticbeanstalk documentation change
Summary
Merged service role and instance profile creation guidance, updated section title to 'Security best practices'
Security assessment
Restructured content to emphasize security best practices for IAM roles, but no indication of fixing a security vulnerability. The changes improve documentation of security features.
Diff
diff --git a/elasticbeanstalk/latest/dg/concepts-roles.md b/elasticbeanstalk/latest/dg/concepts-roles.md index 5057d3d53..c97b9449d 100644 --- a//elasticbeanstalk/latest/dg/concepts-roles.md +++ b//elasticbeanstalk/latest/dg/concepts-roles.md @@ -22 +22 @@ When you create an environment, AWS Elastic Beanstalk prompts you to provide the -###### Service role +###### Create the service role and EC2 instance profile role @@ -24,5 +24 @@ When you create an environment, AWS Elastic Beanstalk prompts you to provide the -When you create an environment the required service roles are created and assigned [managed policies](./AWSHowTo.iam.managed-policies.html). These policies include all of the necessary permissions. Existing service roles are automatically assigned to the new environment if they already exists from previous environments. - -###### Instance profile - -If your AWS account doesn’t have an EC2 instance profile, you must create one using the IAM service. You can then assign the EC2 instance profile to new environments that you create. The **Create environment** wizard provides information to guide you through the IAM service, so that you can create an EC2 instance profile with the required permissions. After creating the instance profile, you can return to the console to select it as the EC2 instance profile and continue the steps to create your environment. +If your AWS account doesn’t have an EC2 instance profile or a service role, you must create one of each using the IAM service. You can then assign the EC2 instance profile and service role to new environments that you create. The **Create environment** wizard guides you to the IAM service, so that you can create these roles with the required permissions. @@ -42 +38 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please -Design considerations +Security best practices