AWS prescriptive-guidance documentation change
Summary
Removed SCP policy restricting VPC modification actions
Security assessment
Deleted network hardening example without evidence of addressing specific vulnerabilities
Diff
diff --git a/prescriptive-guidance/latest/privacy-reference-architecture/restrict-changes-vpc-configurations.md b/prescriptive-guidance/latest/privacy-reference-architecture/restrict-changes-vpc-configurations.md index 00bc4ff0c..0271f43b2 100644 --- a//prescriptive-guidance/latest/privacy-reference-architecture/restrict-changes-vpc-configurations.md +++ b//prescriptive-guidance/latest/privacy-reference-architecture/restrict-changes-vpc-configurations.md @@ -13,36 +12,0 @@ After you have designed and deployed the AWS infrastructure that supports your c - { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "ec2:AttachInternetGateway", - "ec2:CreateInternetGateway", - "ec2:AttachEgressOnlyInternetGateway", - "ec2:CreateVpcPeeringConnection", - "ec2:AcceptVpcPeeringConnection", - "ec2:CreateVpc", - "ec2:CreateSubnet", - "ec2:CreateRouteTable", - "ec2:CreateRoute", - "ec2:AssociateRouteTable", - "ec2:ModifyVpcAttribute", - "ec2:*TransitGateway", - "ec2:*TransitGateway*", - "globalaccelerator:Create*", - "globalaccelerator:Update*" - - ], - "Resource": "*", - "Effect": "Deny", - "Condition": { - "ArnNotLike": { - "aws:PrincipalARN": [ - "arn:aws:iam::*:role/Role1AllowedToBypassThisSCP", - "arn:aws:iam::*:role/Role2AllowedToBypassThisSCP" - ] - } - } - } - ] - } -