AWS directoryservice medium security documentation change
Summary
Reworded security group modification warnings to emphasize reduced security risks and clarify AWS Shared Responsibility Model reference
Security assessment
The changes explicitly warn against opening additional ports to avoid security reduction and reinforce the Shared Responsibility Model. This directly addresses security best practices for network configuration.
Diff
diff --git a/directoryservice/latest/admin-guide/simple_ad_best_practices.md b/directoryservice/latest/admin-guide/simple_ad_best_practices.md index 855a5b0c3..900ec33b3 100644 --- a//directoryservice/latest/admin-guide/simple_ad_best_practices.md +++ b//directoryservice/latest/admin-guide/simple_ad_best_practices.md @@ -46 +46 @@ AWS creates a [security group](https://docs.aws.amazon.com/AWSEC2/latest/UserGui -If you want to modify the security of your directories’ security groups, you can do so. Make such changes only if you fully understand how security group filtering works. For more information, see [Amazon EC2 security groups for Linux instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html) in the _Amazon EC2 User Guide_. Improper changes can result in loss of communications to intended computers and instances. AWS recommends that you do not attempt to open additional ports to your directory as this decreases the security of your directory. Please carefully review the [AWS Shared Responsibility Model](https://aws.amazon.com/compliance/shared-responsibility-model/). +You can modify security groups for your directories, but only do so if you fully understand security group filtering. For more information, see [Amazon EC2 security groups for Linux instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html) in the _Amazon EC2 User Guide_. Improper changes may disrupt communications with intended computers and instances. AWS recommends against opening additional ports to your directory as this reduces security. Review the [AWS Shared Responsibility Model](https://aws.amazon.com/compliance/shared-responsibility-model/) before making changes.