AWS awssupport medium security documentation change
Summary
Added documentation for updated checks including Ubuntu LTS support end, ECS logging mode change, and MFA root account management
Security assessment
The 'MFA on root account' check update provides security documentation about centralized credential management capabilities. This relates to security best practices for root account protection but does not indicate a specific vulnerability being patched.
Diff
diff --git a/awssupport/latest/user/aws-trusted-advisor-change-log.md b/awssupport/latest/user/aws-trusted-advisor-change-log.md index 9e583e5aa..d4d3f1d8c 100644 --- a//awssupport/latest/user/aws-trusted-advisor-change-log.md +++ b//awssupport/latest/user/aws-trusted-advisor-change-log.md @@ -5 +5 @@ -New and updated checksNew check - AWS STS global endpoint usage across AWS RegionsNew Cost Optimization Hub checksCloudFront specific checks revisedRevised checksDeprecated AWS Security Hub checksNew check: Amazon RDS Continuous Backup Not EnabledNew check: AWS CloudTrail Management Events LoggingUpdated the Auto Scaling Group Resources checkUpdated the IAM Access Analyzer External Access checkAdded 1 new checkUpdated 3 checksAdded 4 checksUpdated 3 checksAdded 9 new checksUpdated 1 Security check and added 1 Security checkUpdated 6 Security checksUpdated 1 fault tolerance checksUpdated 9 checksRemoved 5 checks and added 1 checkRemoved fault tolerance checksNew fault tolerance checkUpdated fault tolerance and security checksNew fault tolerance checkUpdated fault tolerance checkUpdated security checkNew security and performance checksNew security checkNew fault tolerance and cost optimization checksNew fault tolerance checksNew checks for Amazon RDSNew AWS Trusted Advisor APITrusted Advisor check removalIntegration of AWS Config checks into Trusted AdvisorNew fault tolerance checksNew service limits checkNew fault tolerance checkNew fault tolerance and performance checksNew fault tolerance checksNew fault tolerance checksRegion Expansion of Amazon ECS Fault Tolerance ChecksNew fault tolerance checksNew fault tolerance checksUpdates to the Trusted Advisor integration with AWS Security HubNew fault tolerance checks for AWS Resilience HubUpdate to the Trusted Advisor consoleNew checks for Amazon EC2Added Security Hub checks to Trusted AdvisorAdded checks from AWS Compute OptimizerUpdates to the Exposed Access Keys checkUpdated checks for AWS Direct ConnectAWS Security Hub controls added to the AWS Trusted Advisor consoleNew checks for Amazon EC2 and AWS Well-ArchitectedUpdated check name for Amazon OpenSearch ServiceAdded checks for Amazon Elastic Block Store volume storageAdded checks for AWS LambdaTrusted Advisor check removalUpdated checks for Amazon Elastic Block StoreTrusted Advisor check removalTrusted Advisor check removal +Updated check: Amazon EC2 instances with Ubuntu LTS end of standard support Updated checksNew and updated checksNew check - AWS STS global endpoint usage across AWS RegionsNew Cost Optimization Hub checksCloudFront specific checks revisedRevised checksDeprecated AWS Security Hub checksNew check: Amazon RDS Continuous Backup Not EnabledNew check: AWS CloudTrail Management Events LoggingUpdated the Auto Scaling Group Resources checkUpdated the IAM Access Analyzer External Access checkAdded 1 new checkUpdated 3 checksAdded 4 checksUpdated 3 checksAdded 9 new checksUpdated 1 Security check and added 1 Security checkUpdated 6 Security checksUpdated 1 fault tolerance checksUpdated 9 checksRemoved 5 checks and added 1 checkRemoved fault tolerance checksNew fault tolerance checkUpdated fault tolerance and security checksNew fault tolerance checkUpdated fault tolerance checkUpdated security checkNew security and performance checksNew security checkNew fault tolerance and cost optimization checksNew fault tolerance checksNew checks for Amazon RDSNew AWS Trusted Advisor APITrusted Advisor check removalIntegration of AWS Config checks into Trusted AdvisorNew fault tolerance checksNew service limits checkNew fault tolerance checkNew fault tolerance and performance checksNew fault tolerance checksNew fault tolerance checksRegion Expansion of Amazon ECS Fault Tolerance ChecksNew fault tolerance checksNew fault tolerance checksUpdates to the Trusted Advisor integration with AWS Security HubNew fault tolerance checks for AWS Resilience HubUpdate to the Trusted Advisor consoleNew checks for Amazon EC2Added Security Hub checks to Trusted AdvisorAdded checks from AWS Compute OptimizerUpdates to the Exposed Access Keys checkUpdated checks for AWS Direct ConnectAWS Security Hub controls added to the AWS Trusted Advisor consoleNew checks for Amazon EC2 and AWS Well-ArchitectedUpdated check name for Amazon OpenSearch ServiceAdded checks for Amazon Elastic Block Store volume storageAdded checks for AWS LambdaTrusted Advisor check removalUpdated checks for Amazon Elastic Block StoreTrusted Advisor check removalTrusted Advisor check removal @@ -16,0 +17,17 @@ For more information about the available checks, see the [AWS Trusted Advisor ch +## Updated check: Amazon EC2 instances with Ubuntu LTS end of standard support + +The following check was updated: + +Check name | Check ID | Description +---|---|--- +[Amazon EC2 instances with Ubuntu LTS end of standard support](./security-checks.html#amazon-ec2-instances-ubuntu-lts-end-of-standard-support) | `c1dfprch15` | Updated the note to indicate that this check refreshes at least once daily. + +## Updated checks + +The following checks were updated: + +Check name | Check ID | Description +---|---|--- +[Amazon ECS AWSLogs driver in blocking mode](./fault-tolerance-checks.html#amazon-ecs-awslogs-driver-blockingmode) | `c1dvkm4z6b` | Amazon ECS changed the default setting for awslogs driver logging configuration parameter mode from `blocking` to `non-blocking`. The Yellow status description has been updated to reflect this change. +[MFA on root account](./security-checks.html#mfa-root-account) | `7DAFEmoDos` | Added information indicating that member account root user credentials can be deleted centrally, removing the need to manage MFA on root user credentials. +