AWS fis documentation change
Summary
Expanded description of network ACL denial action to clarify temporary cloning and management process
Security assessment
Adds documentation about security control implementation details (network ACL management), but does not address a specific security issue.
Diff
diff --git a/fis/latest/userguide/fis-actions-reference.md b/fis/latest/userguide/fis-actions-reference.md index 731729ba8..e06fcd590 100644 --- a//fis/latest/userguide/fis-actions-reference.md +++ b//fis/latest/userguide/fis-actions-reference.md @@ -1608 +1608 @@ AWS FIS supports the following network actions. -Denies the specified traffic to the target subnets. Uses network ACLs. +Denies the specified traffic to the target subnets by temporarily cloning the original network access control list (network ACL) associated with the targeted subnet. FIS adds deny rules to the cloned network ACL, which has a tag managedbyFIS=true, and associates it with the subnet for the duration of the action. At action completion, FIS deletes the cloned network ACL and restores the original network ACL association.