AWS systems-manager-automation-runbooks documentation change
Summary
Modified S3 bucket check to verify AWS Shield Advanced subscription and bucket access instead of public access permissions and encryption checks.
Security assessment
Adds documentation about verifying AWS Shield Advanced subscriptions, a security service for DDoS protection. While this enhances security awareness, there is no evidence of addressing a specific vulnerability.
Diff
diff --git a/systems-manager-automation-runbooks/latest/userguide/automation-aws-ddosresiliencyassessment.md b/systems-manager-automation-runbooks/latest/userguide/automation-aws-ddosresiliencyassessment.md index 69e466c5f..4b24df7a8 100644 --- a//systems-manager-automation-runbooks/latest/userguide/automation-aws-ddosresiliencyassessment.md +++ b//systems-manager-automation-runbooks/latest/userguide/automation-aws-ddosresiliencyassessment.md @@ -285 +285 @@ Any prefix for the path inside Amazon S3 for storing the results. -Checks if the Amazon S3 bucket specified in the "S3BucketName" allows anonymous, or public read or write access permissions, whether the bucket has encryption at rest enabled, and if the AWS account ID provided in "S3BucketOwner" is the owner of the Amazon S3 bucket. +Verifies whether the AWS account is subscribed to AWS Shield Advanced and if the runbook has access to the Amazon S3 bucket.