AWS wellarchitected documentation change
Summary
Removed hyperlinks from examples of security guardrails (SCPs and AWS Config rules)
Security assessment
Formatting change to remove URLs while retaining security control descriptions. Does not alter security guidance or address vulnerabilities.
Diff
diff --git a/wellarchitected/latest/management-and-governance-guide/controls.md b/wellarchitected/latest/management-and-governance-guide/controls.md index 9524918c4..ddf2bcb86 100644 --- a//wellarchitected/latest/management-and-governance-guide/controls.md +++ b//wellarchitected/latest/management-and-governance-guide/controls.md @@ -9 +9 @@ A _control_ is a means of mitigating or detecting an issue that is a consequence -Preventive guardrails enforce specific policies to help ensure that your accounts operate in alignment to compliance standards, and disallow actions that lead to policy violations. Control what your AWS accounts can do by only permitting specific services, Regions, and service actions at the appropriate level. AWS Organizations provides service control policies (SCPs) to apply permission guardrails at the organization, organizational unit, or account level. For example, you can apply an SCP that restricts users from launching resources in Regions that you have not explicitly allowed. Or, you can create an SCP to [Disallow creation of access keys for the root user](https://docs.aws.amazon.com/controltower/latest/userguide/strongly-recommended-guardrails.html#disallow-root-access-keys). This would help secure your AWS accounts by disallowing creation of access keys for the root user, thereby reducing risk of unrestricted access to all resources in the account. +Preventive guardrails enforce specific policies to help ensure that your accounts operate in alignment to compliance standards, and disallow actions that lead to policy violations. Control what your AWS accounts can do by only permitting specific services, Regions, and service actions at the appropriate level. AWS Organizations provides service control policies (SCPs) to apply permission guardrails at the organization, organizational unit, or account level. For example, you can apply an SCP that restricts users from launching resources in Regions that you have not explicitly allowed. Or, you can create an SCP to Disallow creation of access keys for the root user. This would help secure your AWS accounts by disallowing creation of access keys for the root user, thereby reducing risk of unrestricted access to all resources in the account. @@ -11 +11 @@ Preventive guardrails enforce specific policies to help ensure that your account -Detective guardrails detect and alert on unexpected activity and noncompliance of resources within your accounts, such as policy violations. These are helpful in alerting when something requires remediation (either manual or automated). For example, you can create an AWS Config rule to [Detect whether public write access to Amazon S3 Buckets is allowed](https://docs.aws.amazon.com/controltower/latest/userguide/strongly-recommended-guardrails.html#s3-disallow-public-write). This rule detects whether public write access is permitted to Amazon S3 buckets. You can use this alert to initiate remediation with a Systems Manager automation document, or a procedure outlined in your ITSM tools. +Detective guardrails detect and alert on unexpected activity and noncompliance of resources within your accounts, such as policy violations. These are helpful in alerting when something requires remediation (either manual or automated). For example, you can create an AWS Config rule to Detect whether public write access to Amazon S3 Buckets is allowed. This rule detects whether public write access is permitted to Amazon S3 buckets. You can use this alert to initiate remediation with a Systems Manager automation document, or a procedure outlined in your ITSM tools.