AWS gameliftstreams documentation change
Summary
Removed shared tenancy section and renamed section to 'Reuse and multi-tenancy'
Security assessment
Removal of detailed shared tenancy security implications reduces documentation clarity but doesn't directly indicate a security issue. The change appears to be content reorganization rather than security modification.
Diff
diff --git a/gameliftstreams/latest/developerguide/infrastructure-security.md b/gameliftstreams/latest/developerguide/infrastructure-security.md index 21dd532fe..474d6e371 100644 --- a//gameliftstreams/latest/developerguide/infrastructure-security.md +++ b//gameliftstreams/latest/developerguide/infrastructure-security.md @@ -5,2 +4,0 @@ -Shared tenancy in Amazon GameLift Streams - @@ -22,8 +19,0 @@ Additionally, requests must be signed by using an access key ID and a secret acc -## Shared tenancy in Amazon GameLift Streams - -Some Amazon GameLift Streams stream groups rely on internal resource sharing. This approach is different from dedicated resource allocation, as seen in other AWS services like Amazon EC2. Amazon GameLift Streams provisions stream groups uniquely within your AWS account, and resources are never shared or mixed between different stream groups. A single stream group might share underlying compute and storage resources across multiple streams. You define the degree of sharing by your stream class selection. The Windows-based classes and the Linux-based "ultra" classes never share resources, while the Linux-based "high" classes use shared resources to provide two streams from a single GPU. - -This shared tenancy model in the Linux-based "high" stream classes is unique to Amazon GameLift Streams and comes with important security and performance implications. You are responsible for maintaining the security of your provided applications. The security posture of a dedicated-resource group is equivalent to running one application per physical server, which is the highest possible level of isolation. The security posture of a shared-tenancy group is equivalent to hosting multiple application containers on a single physical server. This posture isn't inherently insecure, but it might amplify the impact of existing security vulnerabilities in your applications. - -Amazon GameLift Streams makes efforts to ensure that each application instance is self-contained and isolated regardless of resource sharing. However, if an application consumes CPU or GPU resources beyond the limits of the provisioned stream class, it can have an impact on other streams that use the shared resources (in a "high" stream group, up to one other stream). Your application should regulate its own resource consumption. If your application can't regulate its resource usage and your use case has zero tolerance for a potential "noisy neighbor" problem, a dedicated-resource stream class, such as `gen4n_win2022`, `gen5n_win2022`, `gen4n_ultra` , or `gen5n_ultra` is recommended. - @@ -38 +28 @@ Resilience -Interface VPC endpoints +Reuse and multi-tenancy