AWS Security ChangesHomeSearch

AWS managedservices documentation change

Service: managedservices · 2025-08-19 · Documentation medium

File: managedservices/latest/userguide/tr-configure-remediations.md

Summary

Added parameters for Compute Optimizer EC2 remediation controls (allow-upscale, min-savings-percentage)

Security assessment

Introduces safety controls for automated remediation (defaulting to no upscaling, requiring minimum savings threshold). These parameters help prevent unintended resource modifications, enhancing security posture but not addressing a specific known vulnerability.

Diff

diff --git a/managedservices/latest/userguide/tr-configure-remediations.md b/managedservices/latest/userguide/tr-configure-remediations.md
index d5567da08..9c74db7a6 100644
--- a//managedservices/latest/userguide/tr-configure-remediations.md
+++ b//managedservices/latest/userguide/tr-configure-remediations.md
@@ -16,0 +17,9 @@ The remediation of Trusted Advisor findings is currently configured using AWS Ap
+Compute Optimizer -> EC2 instances feature flag has extra parameters:
+
+  * **allow-upscale** To allow upscale under-provisioned not-optimized EC2 instances. The default value is "false".
+
+  * **min-savings-opportunity-percentage** The minimum savings percentage opportunity for automated remediation. The default value is 10%
+
+
+
+
@@ -75 +84 @@ With the preceding configurations set on your resources, check remediation behav
-  * Resources tagged with `Environment=Non-Production` are remediated automatically.
+  * Resources tagged with 'Environment=Non-Production' are remediated automatically.
@@ -77 +86 @@ With the preceding configurations set on your resources, check remediation behav
-  * Resources tagged with `Environment=Production` require manual intervention for remediation. 
+  * Resources tagged with 'Environment=Production' require manual intervention for remediation. 
@@ -79 +88 @@ With the preceding configurations set on your resources, check remediation behav
-  * Resources without the `Environment` tag follow the default execution mode (`Conditional`, in this case. So, no actions is taken on the remaining resources).
+  * Resources without the 'Environment' tag follow the default execution mode (`Conditional`, in this case. So, no actions is taken on the remaining resources).