AWS AWSEC2 documentation change
Summary
Minor text edits and removed 'Amazon Linux 2023' from sample image description
Security assessment
Clarifies Attestable AMI documentation but does not introduce new security features or address vulnerabilities.
Diff
diff --git a/AWSEC2/latest/UserGuide/attestable-ami.md b/AWSEC2/latest/UserGuide/attestable-ami.md index c7178c8d1..ee749fb08 100644 --- a//AWSEC2/latest/UserGuide/attestable-ami.md +++ b//AWSEC2/latest/UserGuide/attestable-ami.md @@ -9 +9 @@ Maintaining an Attestable StateRequirements for creating Attestable AMIsCreating -An Attestable AMI is an Amazon Machine Image with a corresponding cryptographic hash that represents all of its contents. The hash is generated during the AMI creation process, and it is calculated based on the entire contents of that AMI, including the applications, code, and boot process. +An Attestable AMI is an Amazon Machine Image (AMI) with a corresponding cryptographic hash that represents all of its contents. The hash is generated during the AMI creation process, and it is calculated based on the entire contents of that AMI, including the applications, code, and boot process. @@ -13 +13 @@ An Attestable AMI is an Amazon Machine Image with a corresponding cryptographic -An instance's measurements are based on its boot initial state. Any software or code changes made to the instance after launch and that persist after restarts will change the instance's measurement after restarts. If the measurements are altered, they deviate from the reference measurements of the Attestable AMI, and the instance will no longer be able to successfully attest to AWS KMS after the instance restarts. Therefore, for Attestable AMIs to be useful, instances need to return to their original boot state after they restart. +An instance's measurements are based on its initial boot state. Any software or code changes made to the instance after launch and that persist after restarts will change the instance's measurement after restarts. If the measurements are altered, they deviate from the reference measurements of the Attestable AMI, and the instance will no longer be able to successfully attest to AWS KMS after the instance restarts. Therefore, for Attestable AMIs to be useful, instances need to return to their original boot state after they restart. @@ -43 +43 @@ Attestable AMIs have the following requirements: - * [Build the sample Amazon Linux 2023 image description](./build-sample-ami.html) + * [Build the sample image description](./build-sample-ami.html) @@ -72 +72 @@ EC2 instance attestation -Build the sample Amazon Linux 2023 image description +Build the sample image description