AWS Security ChangesHomeSearch

AWS managedservices medium security documentation change

Service: managedservices · 2025-08-10 · Security-related medium

File: managedservices/latest/appguide/about-security-groups.md

Summary

Updated Active Directory security group modification procedures with specific change types for adding/removing users

Security assessment

The change introduces dedicated change types (CTs) for user management in AD security groups, replacing a generic 'Update' CT. This reduces risk of misconfiguration by enforcing proper procedures for privilege management, directly impacting access control security.

Diff

diff --git a/managedservices/latest/appguide/about-security-groups.md b/managedservices/latest/appguide/about-security-groups.md
index 880e1127e..2d5e3865a 100644
--- a//managedservices/latest/appguide/about-security-groups.md
+++ b//managedservices/latest/appguide/about-security-groups.md
@@ -88 +88,8 @@ To create a security group outside of stacks and VPCs, submit an RFC using the `
-To add or remove a user from an Active Directory (AD) security group, submit a request for change (RFC) using the `Management | Other | Other | Update` CT (ct-0xdawir96cy7k).
+For Active Directory (AD) security group modifications, use the following change types:
+
+  * To add a user: Submit an RFC using Management | Directory Service | Users and groups | Add user to group [ct-24pi85mjtza8k]
+
+  * To remove a user: Submit an RFC using Management | Directory Service | Users and groups | Remove user from group [ct-2019s9y3nfml4]
+
+
+