AWS solutions documentation change
Summary
Updated terminology from 'solution' to 'guidance' throughout the document, modified documentation URL path from 'implementations' to 'guidance', and made minor editorial changes without altering security content.
Security assessment
The changes are purely terminological (replacing 'solution' with 'guidance') and URL updates. No new security controls, vulnerabilities, or mitigations were introduced. Existing security-related content about IAM roles, S3 bucket policies, WAF, KMS encryption, and HTTPS remains unchanged except for terminology.
Diff
diff --git a/solutions/latest/scalable-analytics-using-apache-druid-on-aws/security-1.md b/solutions/latest/scalable-analytics-using-apache-druid-on-aws/security-1.md index a401f7f70..cf0e78f3e 100644 --- a//solutions/latest/scalable-analytics-using-apache-druid-on-aws/security-1.md +++ b//solutions/latest/scalable-analytics-using-apache-druid-on-aws/security-1.md @@ -3 +3 @@ -[Documentation](/index.html)[Scalable Analytics Using Apache Druid on AWS](https://aws.amazon.com/solutions/implementations/scalable-analytics-using-apache-druid-on-aws)[Implementation Guide](solution-overview.html) +[Documentation](/index.html)[Guidance for Scalable Analytics Using Apache Druid on AWS](https://aws.amazon.com/solutions/guidance/scalable-analytics-using-apache-druid-on-aws)[Implementation Guide](solution-overview.html) @@ -13 +13 @@ When you build systems on AWS infrastructure, security responsibilities are shar -AWS Identity and Access Management (IAM) roles allow customers to assign granular access policies and permissions to services and users on the AWS Cloud. The solution creates IAM roles that grant the solution’s constructs to access Regional resources provisioned by the solution, such as: +AWS Identity and Access Management (IAM) roles allow customers to assign granular access policies and permissions to services and users on the AWS Cloud. The guidance creates IAM roles that grant the guidance’s constructs to access Regional resources provisioned by the guidance, such as: @@ -22 +22 @@ AWS Identity and Access Management (IAM) roles allow customers to assign granula -By default, all Amazon S3 buckets for the solution have the following configuration: +By default, all Amazon S3 buckets for the guidance have the following configuration: @@ -39 +39 @@ Additionally, the Amazon S3 buckets are also configured with a default buckets p -This solution incorporates the deployment of AWS Web Application Firewall (WAF) when the Application Load Balancer (ALB) is configured to be internet-facing. AWS WAF is used to enhance the security of the web applications exposed through the ALB by providing protection against various web-based threats and attacks. +This guidance incorporates the deployment of AWS Web Application Firewall (WAF) when the Application Load Balancer (ALB) is configured to be internet-facing. AWS WAF is used to enhance the security of the web applications exposed through the ALB by providing protection against various web-based threats and attacks. @@ -43 +43 @@ This solution incorporates the deployment of AWS Web Application Firewall (WAF) -The solution allows you to provide your own AWS KMS keys to encrypt stored data in the S3 bucket and Aurora cluster. We recommend referring to the [security best practices for AWS Key Management Service](https://docs.aws.amazon.com/kms/latest/developerguide/best-practices.html) to enhance the protection of your encryption keys. +The guidance allows you to provide your own AWS KMS keys to encrypt stored data in the S3 bucket and Aurora cluster. We recommend referring to the [security best practices for AWS Key Management Service](https://docs.aws.amazon.com/kms/latest/developerguide/best-practices.html) to enhance the protection of your encryption keys. @@ -47 +47 @@ The solution allows you to provide your own AWS KMS keys to encrypt stored data -All data committed to the solution is encrypted at rest using [AWS Key Management Service](https://aws.amazon.com/kms/) (AWS KMS) customer managed keys. This includes data stored in the following services: +All data committed to the guidance is encrypted at rest using [AWS Key Management Service](https://aws.amazon.com/kms/) (AWS KMS) customer managed keys. This includes data stored in the following services: @@ -58 +58 @@ All data committed to the solution is encrypted at rest using [AWS Key Managemen -Communication between the solution’s different components is over HTTPS to ensure data encryption in transit. +Communication between the guidance’s different components is over HTTPS to ensure data encryption in transit.