AWS Security ChangesHomeSearch

AWS fis documentation change

Service: fis · 2025-06-16 · Documentation low

File: fis/latest/userguide/fis-actions-reference.md

Summary

Expanded description of network ACL denial action to clarify temporary cloning and management process

Security assessment

Adds documentation about security control implementation details (network ACL management), but does not address a specific security issue.

Diff

diff --git a/fis/latest/userguide/fis-actions-reference.md b/fis/latest/userguide/fis-actions-reference.md
index 731729ba8..e06fcd590 100644
--- a//fis/latest/userguide/fis-actions-reference.md
+++ b//fis/latest/userguide/fis-actions-reference.md
@@ -1608 +1608 @@ AWS FIS supports the following network actions.
-Denies the specified traffic to the target subnets. Uses network ACLs.
+Denies the specified traffic to the target subnets by temporarily cloning the original network access control list (network ACL) associated with the targeted subnet. FIS adds deny rules to the cloned network ACL, which has a tag managedbyFIS=true, and associates it with the subnet for the duration of the action. At action completion, FIS deletes the cloned network ACL and restores the original network ACL association.