AWS managedservices documentation change
Summary
Multiple changes replacing 'review required' with 'managed automation' in encryption and IAM role provisioning processes
Security assessment
Updates focus on process automation rather than security controls. Mentions of KMS encryption and IAM roles maintain existing security practices without introducing new features or addressing vulnerabilities.
Diff
diff --git a/managedservices/latest/onboardingguide/amz-eventbridge.md b/managedservices/latest/onboardingguide/amz-eventbridge.md index 4a8eada45..0372ae69c 100644 --- a//managedservices/latest/onboardingguide/amz-eventbridge.md +++ b//managedservices/latest/onboardingguide/amz-eventbridge.md @@ -23 +23 @@ The execution role, `customer_eventbridge_scheduler_execution_role` is an IAM ro -By default, EventBridge Scheduler uses AWS owned keys for EventBridge to encrypt the data. To use a customer managed key for EventBridge to encrypt the data, submit the RFC using the Management | AWS service | Self-provisioned service | [Add (review required)](https://docs.aws.amazon.com/managedservices/latest/ctref/management-aws-self-provisioned-service-add-review-required.html) change type (ct-3qe6io8t6jtny) for service provisioning. +By default, EventBridge Scheduler uses AWS owned keys for EventBridge to encrypt the data. To use a customer managed key for EventBridge to encrypt the data, submit the RFC using the Management | AWS service | Self-provisioned service | [Add (managed automation)](https://docs.aws.amazon.com/managedservices/latest/ctref/management-aws-self-provisioned-service-add-review-required.html) change type (ct-3qe6io8t6jtny) for service provisioning. @@ -31 +31 @@ You must submit AMS RFCs and create the following resources: Service roles to tr -You must request an EventBridge service role with an RFC using the Deployment | Advanced stack components | Identity and Access Management (IAM) | Create entity or policy (review required) change type (ct-3dpd8mdd9jn1r) prior to using EventBridge to trigger other AWS resources, such as AWS Batch, Lambda, Amazon SNS, Amazon SQS, or Amazon CloudWatch Logs resources. Specify the services to invoke when requesting your service role. To learn about permissions required to invoke targets, see [ Using Resource-Based Policies for EventBridge](https://docs.aws.amazon.com/eventbridge/latest/userguide/resource-based-policies-eventbridge.html). +You must request an EventBridge service role with an RFC using the Deployment | Advanced stack components | Identity and Access Management (IAM) | Create entity or policy (managed automation) change type (ct-3dpd8mdd9jn1r) prior to using EventBridge to trigger other AWS resources, such as AWS Batch, Lambda, Amazon SNS, Amazon SQS, or Amazon CloudWatch Logs resources. Specify the services to invoke when requesting your service role. To learn about permissions required to invoke targets, see [ Using Resource-Based Policies for EventBridge](https://docs.aws.amazon.com/eventbridge/latest/userguide/resource-based-policies-eventbridge.html). @@ -41 +41 @@ If your specific use case requires that you control and audit the encryption key -You must request an RFC using the Management | AWS service | Self-provisioned service | Add (review required) change type prior to using Amazon EventBridge to onboard the AWS KMS permission. +You must request an RFC using the Management | AWS service | Self-provisioned service | Add (managed automation) change type prior to using Amazon EventBridge to onboard the AWS KMS permission.