AWS keyspaces documentation change
Summary
Added IPv6 security group rules and dual-stack endpoint guidance
Security assessment
Introduces IPv6 security group rules (HTTP/HTTPS/SSH) and dual-stack endpoint configuration, which relates to network security hardening for modern protocols. However, no specific vulnerability is addressed.
Diff
diff --git a/keyspaces/latest/devguide/vpc-endpoints-tutorial.configure-ec2-instance.md b/keyspaces/latest/devguide/vpc-endpoints-tutorial.configure-ec2-instance.md index 2004cfe7c..76b2d071f 100644 --- a//keyspaces/latest/devguide/vpc-endpoints-tutorial.configure-ec2-instance.md +++ b//keyspaces/latest/devguide/vpc-endpoints-tutorial.configure-ec2-instance.md @@ -43 +43 @@ On the bottom of the page, confirm the configuration settings and choose **Creat - 6. In **Change Security Groups** , select the security group that you created earlier in this procedure (for example, `my-ssh-access`). The existing `default` security group should also be selected. Confirm the configuration settings and choose **Assign Security Groups**. + 6. In **Change Security Groups** , go to **Associated security groups** and enter the security group that you created earlier in this procedure (for example, `my-ssh-access`). The existing `default` security group should also be selected. Confirm the configuration settings and choose **Save**. @@ -94 +94 @@ The output should look like this: - 6. You have to use a `cqlsh` connection to Amazon Keyspaces to confirm that your VPC endpoint has been configured correctly. If you use your local environment or the Amazon Keyspaces CQL editor in the AWS Management Console, the connection automatically goes through the public endpoint instead of your VPC endpoint. To use `cqlsh` to test your VPC endpoint connection in this tutorial, complete the setup instructions in [Using cqlsh to connect to Amazon Keyspaces](./programmatic.cqlsh.html). + 6. Add rules to your VPCs security group that allow inbound HTTP, HTTPS, and SSH access from IPv6 addresses. @@ -95,0 +96 @@ The output should look like this: + 7. To confirm that your VPC endpoint has been configured correctly, you have to use a `cqlsh` connection to Amazon Keyspaces. If you use your local environment or the Amazon Keyspaces CQL editor in the AWS Management Console, the connection automatically goes through the public endpoint instead of your VPC endpoint. To use `cqlsh` to test your VPC endpoint connection in this tutorial, complete the setup instructions in [Using cqlsh to connect to Amazon Keyspaces](./programmatic.cqlsh.html). @@ -99 +100,2 @@ The output should look like this: -You are now ready to create a VPC endpoint for Amazon Keyspaces. + +You are now ready to create a dual-stack VPC endpoint for Amazon Keyspaces.