AWS Security ChangesHomeSearch

AWS transform medium security documentation change

Service: transform · 2025-08-13 · Security-related medium

File: transform/latest/userguide/transform-app-mainframe-workflow.md

Summary

Added detailed zip structure requirements and clarified tokenizer_map.json's role in log privacy

Security assessment

The update explicitly states that tokenizer_map.json anonymizes sensitive data in logs, enhancing privacy protections. This addresses potential data exposure risks in logs.

Diff

diff --git a/transform/latest/userguide/transform-app-mainframe-workflow.md b/transform/latest/userguide/transform-app-mainframe-workflow.md
index 13e1a45b3..35dd49aff 100644
--- a//transform/latest/userguide/transform-app-mainframe-workflow.md
+++ b//transform/latest/userguide/transform-app-mainframe-workflow.md
@@ -713 +713,12 @@ Reforge your code after refactoring by following these steps:
-  2. Provide the S3 location to your zipped buildable source project and choose **Continue**.
+  2. Provide the S3 location to your zipped buildable source project and choose **Continue**. Use this zip structure:
+    
+        input.zip
+            └── PROJECT-pom
+            ├── PROJECT-entities
+            ├── PROJECT-service
+            ├── PROJECT-tools
+            ├── PROJECT-web (optional)
+            └── pom.xml
+    
+
+AWS Transform analyzes your zip package to locate files within the PROJECT-service directory so that it can provide a selectable list of classes that you can reforge. These classes have the suffix `ProcessImpl.java`.
@@ -724 +735 @@ Once AWS Transform gets this input from you it gives you a downloadable file wit
-This is the zip structure for a successful reforge:
+This is the zip structure resulting from a successful reforge:
@@ -730 +741 @@ This is the zip structure for a successful reforge:
-    ├── tokenizer_map.json
+    └──tokenizer_map.json
@@ -734 +745 @@ This is the zip structure for a successful reforge:
-    * Files that have been refactored but whose compilation was not successfully finalized are located at `/src/main/resources/reforge/originalClassName.java.incomplete` and are named ``originalClassName.incomplete``. Compare these to the original versions of the files to choose reforged functions you want to save.
+    * Files that have been refactored but whose compilation was not successfully finalized are located at `/src/main/resources/reforge/originalClassName.java.incomplete` and are named ``originalClassName.java.incomplete``. Compare these to the original versions of the files to choose reforged functions you want to save.
@@ -736 +747 @@ This is the zip structure for a successful reforge:
-    * Source files provided to AWS Transform that were refactored successfully are backed up to `src/main/resources/reforge/originalClassName.java.original` and are named `originalClassName.original`. The refactored versions of the files replace the source files provided to AWS Transform.
+    * Source files provided to AWS Transform that were refactored successfully are backed up to `src/main/resources/reforge/originalClassName.java.original` and are named `originalClassName.java.original`. The refactored versions of the files replace the source files provided to AWS Transform.
@@ -744 +755 @@ The `originalClassName.java` files are replaced with the reforged files only if
-  * **tokenizer_map.json** contains logs that you can use to diagnose job failures or provide to AWS support in case of an issue.
+  * **tokenizer_map.json** contains a mapping of token IDs to your data, such as file paths and class/method names, that are tokenized in the logs for privacy protection. You can provide this file to AWS support in case of an issue.