AWS Security ChangesHomeSearch

AWS sap documentation change

Service: sap · 2025-10-25 · Documentation medium

File: sap/latest/sap-netweaver/sles-netweaver-ha-settings.md

Summary

Added AWS CLI instructions to disable source/destination check and console guidance for instance termination settings

Security assessment

New documentation about network interface configuration (source/destination checks) and termination protection enhances security configuration guidance but does not fix a specific vulnerability.

Diff

diff --git a/sap/latest/sap-netweaver/sles-netweaver-ha-settings.md b/sap/latest/sap-netweaver/sles-netweaver-ha-settings.md
index 005537caf..8bbf9c1a6 100644
--- a//sap/latest/sap-netweaver/sles-netweaver-ha-settings.md
+++ b//sap/latest/sap-netweaver/sles-netweaver-ha-settings.md
@@ -178,2 +178,2 @@ The SLES STONITH resource agent (`external/ec2`) requires permission to start an
-            "arn:aws:ec2:<region>:<account_id>:instance/<instance_id_1>",
-            "arn:aws:ec2:<region>:<account_id>:instance/<instance_id_2>"
+            "arn:aws:ec2:us-east-1:123456789012:instance/arn:aws:ec2:us-east-1:123456789012:instance/i-1234567890abcdef0",
+            "arn:aws:ec2:us-east-1:123456789012:instance/arn:aws:ec2:us-east-1:123456789012:instance/i-1234567890abcdef0"
@@ -197,2 +197,2 @@ The SLES Overlay IP resource agent (`aws-vpc-move-ip`) requires permission to mo
-                     "arn:aws:ec2:<region>:<account_id>:route-table/<rtb_id_1>",
-                     "arn:aws:ec2:<region>:<account_id>:route-table/<rtb_id_2>"
+                     "arn:aws:ec2:us-east-1:123456789012:route-table/rtb-0123456789abcdef0",
+                     "arn:aws:ec2:us-east-1:123456789012:route-table/rtb-0123456789abcdef0"
@@ -242,0 +243,2 @@ AWS CLI
+Use the [modify-instance-attribute](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ec2/modify-instance-attribute.html) command to disable source/destination check.
+
@@ -253,0 +256,2 @@ AWS Management Console
+Ensure that the **Stop** option is checked in [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).
+
@@ -768,2 +772,2 @@ After the IAM role has been created, create the following IAM policy on the shar
-            "arn:aws:ec2:<region>:<sharing_vpc_account_id>:route_table/<rtb_id_1>",
-            "arn:aws:ec2:<region>:<sharing_vpc_account_id>:route_table/<rtb_id_2>"
+            "arn:aws:ec2:us-east-1:123456789012:route-table/rtb-0123456789abcdef0",
+            "arn:aws:ec2:us-east-1:123456789012:route-table/rtb-0123456789abcdef0"
@@ -797 +801 @@ In cluster account, create the following IAM policy, and attach it to an IAM rol
-          "Resource": "arn:aws:iam::<sharing_vpc_account_id>:role/<sharing _vpc-account-cluster-role>"
+          "Resource": "arn:aws:iam::123456789012:role/sharing-vpc-account-cluster-role"
@@ -816,2 +820,2 @@ In cluster account, create the following IAM policy, and attach it to an IAM rol
-            "arn:aws:ec2:<region>:<cluster_account_id>:instance/<instance_id_1>",
-            "arn:aws:ec2:<region>:<cluster_account_id>:instance/<instance_id_2>"
+            "arn:aws:ec2:us-east-1:123456789012:instance/arn:aws:ec2:us-east-1:123456789012:instance/i-1234567890abcdef0",
+            "arn:aws:ec2:us-east-1:123456789012:instance/arn:aws:ec2:us-east-1:123456789012:instance/i-1234567890abcdef0"