AWS directoryservice documentation change
Summary
Minor grammatical correction in AWS Reserved OU ACLs Test description (changed 'non-AWS entities' to 'entities non-AWS')
Security assessment
The change is a grammatical adjustment without altering security guidance. The security recommendations for OU ACL permissions remain unchanged.
Diff
diff --git a/directoryservice/latest/admin-guide/assessment_test_error-msgs.md b/directoryservice/latest/admin-guide/assessment_test_error-msgs.md index 01faa5348..40c7597ec 100644 --- a//directoryservice/latest/admin-guide/assessment_test_error-msgs.md +++ b//directoryservice/latest/admin-guide/assessment_test_error-msgs.md @@ -19 +19 @@ AWS Reserved Group Membership Test | `testValidateAwsReservedGroupMembership` | -AWS Reserved OU ACLs Test | `testReservedOuAclsPermissions` | `RESERVED_OU_NON_COMPLIANT_AC` | `AWS Reserved OU ACLs permissions are invalid.` | Occurs if the AWS Reserved OU ACLs on your self-managed AD do not enforce read-only permissions for non-AWS entities and do not prevent unauthorized access to AWS-managed resources. | Review and correct the permissions on the AWS Reserved OU ACLs on your self-managed AD. Ensure that non-AWS entities have only have read permissions (`ListChildren`, `ReadProperty`, `ListObject`, `ReadControl`, `GenericRead`, `Synchronize`) and remove any excessive permissions. +AWS Reserved OU ACLs Test | `testReservedOuAclsPermissions` | `RESERVED_OU_NON_COMPLIANT_AC` | `AWS Reserved OU ACLs permissions are invalid.` | Occurs if the AWS Reserved OU ACLs on your self-managed AD do not enforce read-only permissions for entities non-AWS and do not prevent unauthorized access to AWS-managed resources. | Review and correct the permissions on the AWS Reserved OU ACLs on your self-managed AD. Ensure that non-AWS entities have only have read permissions (`ListChildren`, `ReadProperty`, `ListObject`, `ReadControl`, `GenericRead`, `Synchronize`) and remove any excessive permissions.