AWS Security ChangesHomeSearch

AWS directoryservice documentation change

Service: directoryservice · 2025-06-28 · Documentation low

File: directoryservice/latest/admin-guide/ms_ad_best_practices.md

Summary

Updated apostrophe usage from curly to straight quotes in multiple sections

Security assessment

Changes involve punctuation corrections (curly apostrophes to straight quotes) with no security content modifications. The security group configuration description remains unchanged except for typography.

Diff

diff --git a/directoryservice/latest/admin-guide/ms_ad_best_practices.md b/directoryservice/latest/admin-guide/ms_ad_best_practices.md
index f04b1aab4..1cfcb5817 100644
--- a//directoryservice/latest/admin-guide/ms_ad_best_practices.md
+++ b//directoryservice/latest/admin-guide/ms_ad_best_practices.md
@@ -64 +64 @@ Learn about the various limits for your specific directory type. The available s
-#### Understand your directory’s AWS security group configuration and use
+#### Understand your directory's AWS security group configuration and use
@@ -66 +66 @@ Learn about the various limits for your specific directory type. The available s
-AWS creates a [security group](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html#adding-security-group-rule) and attaches it to your directory’s domain controller [elastic network interfaces](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html). This security group blocks unnecessary traffic to the domain controller and allows traffic that is necessary for Active Directory communications. AWS configures the security group to open only the ports that are required for Active Directory communications. In the default configuration, the security group accepts traffic to these ports from AWS Managed Microsoft AD VPC IPv4 CIDR address. AWS attaches the security group to your domain controllers’ interfaces that are accessible from within your peered or resized [VPCs](https://aws.amazon.com/vpc/). These interfaces are inaccessible from the internet even if you modify routing tables, change the network connections to your VPC, and configure the [NAT Gateway service](https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-nat-gateway.html). As such, only instances and computers that have a network path into the VPC can access the directory. This simplifies setup by eliminating the requirement for you to configure specific address ranges. Instead, you configure routes and security groups into the VPC that permit traffic only from trusted instances and computers.
+AWS creates a [security group](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html#adding-security-group-rule) and attaches it to your directory's domain controller [elastic network interfaces](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html). This security group blocks unnecessary traffic to the domain controller and allows traffic that is necessary for Active Directory communications. AWS configures the security group to open only the ports that are required for Active Directory communications. In the default configuration, the security group accepts traffic to these ports from AWS Managed Microsoft AD VPC IPv4 CIDR address. AWS attaches the security group to your domain controllers’ interfaces that are accessible from within your peered or resized [VPCs](https://aws.amazon.com/vpc/). These interfaces are inaccessible from the internet even if you modify routing tables, change the network connections to your VPC, and configure the [NAT Gateway service](https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-nat-gateway.html). As such, only instances and computers that have a network path into the VPC can access the directory. This simplifies setup by eliminating the requirement for you to configure specific address ranges. Instead, you configure routes and security groups into the VPC that permit traffic only from trusted instances and computers.
@@ -167 +167 @@ Here are some suggestions to keep in mind when using your AWS Managed Microsoft
-When you use AWS Directory Service to launch a directory, AWS creates an organizational unit (OU) that contains all your directory’s objects. This OU, which has the NetBIOS name that you typed when you created your directory, is located in the domain root. The domain root is owned and managed by AWS. Several groups and an administrative user are also created.
+When you use AWS Directory Service to launch a directory, AWS creates an organizational unit (OU) that contains all your directory's objects. This OU, which has the NetBIOS name that you typed when you created your directory, is located in the domain root. The domain root is owned and managed by AWS. Several groups and an administrative user are also created.