AWS Security ChangesHomeSearch

AWS prescriptive-guidance documentation change

Service: prescriptive-guidance · 2025-10-16 · Documentation low

File: prescriptive-guidance/latest/transitioning-to-multiple-aws-accounts/centralized-egress.md

Summary

Clarified centralized egress implementation by changing 'inspection point' to 'entry point' and adding inspection setup note

Security assessment

Improves explanation of existing security practice (traffic inspection) but doesn't introduce new security features or address specific vulnerabilities

Diff

diff --git a/prescriptive-guidance/latest/transitioning-to-multiple-aws-accounts/centralized-egress.md b/prescriptive-guidance/latest/transitioning-to-multiple-aws-accounts/centralized-egress.md
index 4d5391927..5d88fce3f 100644
--- a//prescriptive-guidance/latest/transitioning-to-multiple-aws-accounts/centralized-egress.md
+++ b//prescriptive-guidance/latest/transitioning-to-multiple-aws-accounts/centralized-egress.md
@@ -9 +9 @@ Best practices for securing egress traffic
- _Centralized egress_ is the principle of using a single, common inspection point for all network traffic destined to the internet. At this inspection point, you can allow traffic only to specified domains or only through specified ports or protocols. Centralizing egress also can help you reduce costs by eliminating the need to deploy NAT gateways in each of your VPCs in order to reach the internet. This is beneficial from a security perspective because it limits exposure to externally accessible malicious resources, such as malware command and control (C&C) infrastructure. For more information and architecture options for centralized egress, see [Centralized egress to internet](https://docs.aws.amazon.com/whitepapers/latest/building-scalable-secure-multi-vpc-network-infrastructure/centralized-egress-to-internet.html) (AWS Whitepaper).
+ _Centralized egress_ is the principle of using a single, common entry point for all network traffic that is destined to the internet. You can set up inspection at this entry point, and you can allow traffic only to specified domains or only through specified ports or protocols. Centralizing egress also can help you reduce costs by eliminating the need to deploy NAT gateways in each of your VPCs in order to reach the internet. This is beneficial from a security perspective because it limits exposure to externally accessible malicious resources, such as malware command and control (C&C) infrastructure. For more information and architecture options for centralized egress, see [Centralized egress to internet](https://docs.aws.amazon.com/whitepapers/latest/building-scalable-secure-multi-vpc-network-infrastructure/centralized-egress-to-internet.html) (AWS Whitepaper).