AWS drs documentation change
Summary
Added requirement for security group configuration on S3 interface endpoint to allow agent communication
Security assessment
The change emphasizes proper network security group configuration for agent installation. While security-related as a best practice, it's a standard connectivity prerequisite rather than addressing a specific security vulnerability. The update improves documentation about required permissions but doesn't indicate a security flaw being patched.
Diff
diff --git a/drs/latest/userguide/installing-agent-blocked.md b/drs/latest/userguide/installing-agent-blocked.md index bfa955c4a..b5aa441e4 100644 --- a//drs/latest/userguide/installing-agent-blocked.md +++ b//drs/latest/userguide/installing-agent-blocked.md @@ -12,0 +13,2 @@ You can connect your on premise network to the subnet in your staging area VPC u +These topics describe the connectivity prerequisites that enable you to install the agent. All of the settings apply to the target account (or the staging account in a multi-account scenario) and Region where you want to handle the recovery. + @@ -37 +39 @@ Example of an interface endpoint DNS name: vpce-0123456789-abcdef.drs.<REGION>.v -To allow the AWS Replication Agent installer to communicate with S3, create an interface S3 endpoint for AWS Elastic Disaster Recovery in your staging area subnet. For more information, see [Endpoints for Amazon S3](https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-s3.html) in the _Amazon VPC User Guide_. +To allow the AWS Replication Agent installer to communicate with S3, create an interface S3 endpoint for AWS Elastic Disaster Recovery in your staging area subnet. For more information, see [Endpoints for Amazon S3](https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-s3.html) in the _Amazon VPC User Guide_. The endpoint requires a security group that allows connection from the agent, enabling it to download components it needs for the installation.