AWS imagebuilder documentation change
Summary
Clarified base image sources for container recipes and emphasized security best practices regarding sensitive parameters
Security assessment
While the changes include security-conscious documentation about parameter logging and image sources, they represent general security best practices rather than addressing specific vulnerabilities. The update improves security awareness but doesn't indicate a resolved security issue.
Diff
diff --git a/imagebuilder/latest/userguide/create-container-recipes.md b/imagebuilder/latest/userguide/create-container-recipes.md index b01011f55..b49a96f2f 100644 --- a//imagebuilder/latest/userguide/create-container-recipes.md +++ b//imagebuilder/latest/userguide/create-container-recipes.md @@ -37 +37 @@ Creating a new version of a container recipe is virtually the same as creating a -To see details that are associated with your base image selection, choose the tab that matches your selection. +For Docker container images, you can choose from public images hosted on DockerHub, existing container images in Amazon ECR, or Amazon-managed container images. To see details that are associated with your base image selection, choose the tab that matches your selection. @@ -233 +233,7 @@ Component parameters are plain text values, and are logged in AWS CloudTrail. We - * parentImage (string, required) – Image that the container recipe uses as a base for your customized image. The value can be the base image ARN or an AMI ID. + * parentImage (string, required) – The Docker container image to use in the container recipe as a baseline for your customized image. + + * Public images hosted on DockerHub + + * Existing container images in Amazon ECR + + * Amazon-managed container images