AWS directoryservice documentation change
Summary
Grammar fixes (apostrophe formatting) and strengthened security group configuration warnings
Security assessment
Reinforced security best practices regarding directory security group associations, explicitly stating that improper associations 'may create a potential security risk'. This improves security documentation but doesn't address a newly discovered issue.
Diff
diff --git a/directoryservice/latest/admin-guide/ad_connector_best_practices.md b/directoryservice/latest/admin-guide/ad_connector_best_practices.md index 809443c78..895962c57 100644 --- a//directoryservice/latest/admin-guide/ad_connector_best_practices.md +++ b//directoryservice/latest/admin-guide/ad_connector_best_practices.md @@ -40 +40 @@ Learn about the various limits for your specific directory type. The available s -### Understand your directory’s AWS security group configuration and use +### Understand your directory's AWS security group configuration and use @@ -42 +42 @@ Learn about the various limits for your specific directory type. The available s -AWS creates a [security group](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html#adding-security-group-rule) and attaches it to your directory’s [elastic network interfaces](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html) that are accessible from within your peered or resized [VPCs](https://aws.amazon.com/vpc/). AWS configures the security group to block unnecessary traffic to the directory and allows necessary traffic. +AWS creates a [security group](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html#adding-security-group-rule) and attaches it to your directory's [elastic network interfaces](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html) that are accessible from within your peered or resized [VPCs](https://aws.amazon.com/vpc/). AWS configures the security group to block unnecessary traffic to the directory and allows necessary traffic. @@ -50 +50 @@ If you want to modify the security of your directories’ security groups, you c -It is technically possible for you to associate the directory’s security group with other EC2 instances that you create. However, AWS recommends against this practice. AWS may have reasons to modify the security group without notice to address functional or security needs of the managed directory. Such changes affect any instances with which you associate the directory security group and may disrupt operation of the associated instances. Furthermore, associating the directory security group with your EC2 instances may create a potential security risk for your EC2 instances. +It is technically possible for you to associate the directory's security group with other EC2 instances that you create. However, AWS recommends against this practice. AWS may have reasons to modify the security group without notice to address functional or security needs of the managed directory. Such changes affect any instances with which you associate the directory security group and may disrupt operation of the associated instances. Furthermore, associating the directory security group with your EC2 instances may create a potential security risk for your EC2 instances.