AWS wellarchitected documentation change
Summary
Changed 'Amazon S3 Glacier Vault Lock' to 'Amazon Glacier Vault Lock' in security control documentation
Security assessment
This is a service name update in existing security documentation. While the context involves security controls (vault locking), the change itself only reflects branding terminology rather than introducing new security guidance or addressing a specific vulnerability.
Diff
diff --git a/wellarchitected/2022-03-31/framework/sec_protect_data_rest_access_control.md b/wellarchitected/2022-03-31/framework/sec_protect_data_rest_access_control.md index 3910d8d17..9178ab603 100644 --- a//wellarchitected/2022-03-31/framework/sec_protect_data_rest_access_control.md +++ b//wellarchitected/2022-03-31/framework/sec_protect_data_rest_access_control.md @@ -11 +11 @@ Enforce access control with least privileges and mechanisms, including backups, -Different controls including access (using least privilege), backups (see [Reliability whitepaper](https://docs.aws.amazon.com/wellarchitected/latest/reliability-pillar/welcome.html)), isolation, and versioning can all help protect your data at rest. Access to your data should be audited using detective mechanisms covered earlier in this paper including CloudTrail, and service level log, such as Amazon Simple Storage Service (Amazon S3) access logs. You should inventory what data is publicly accessible, and plan for how you can reduce the amount of data available over time. Amazon S3 Glacier Vault Lock and Amazon S3 Object Lock are capabilities providing mandatory access control—once a vault policy is locked with the compliance option, not even the root user can change it until the lock expires. The mechanism meets the Books and Records Management requirements of the SEC, CFTC, and FINRA. For more details, see [this whitepaper](https://d1.awsstatic.com/whitepapers/Amazon-GlacierVaultLock_CohassetAssessmentReport.pdf). +Different controls including access (using least privilege), backups (see [Reliability whitepaper](https://docs.aws.amazon.com/wellarchitected/latest/reliability-pillar/welcome.html)), isolation, and versioning can all help protect your data at rest. Access to your data should be audited using detective mechanisms covered earlier in this paper including CloudTrail, and service level log, such as Amazon Simple Storage Service (Amazon S3) access logs. You should inventory what data is publicly accessible, and plan for how you can reduce the amount of data available over time. Amazon Glacier Vault Lock and Amazon S3 Object Lock are capabilities providing mandatory access control—once a vault policy is locked with the compliance option, not even the root user can change it until the lock expires. The mechanism meets the Books and Records Management requirements of the SEC, CFTC, and FINRA. For more details, see [this whitepaper](https://d1.awsstatic.com/whitepapers/Amazon-GlacierVaultLock_CohassetAssessmentReport.pdf).