AWS Security ChangesHomeSearch

AWS appstream2 documentation change

Service: appstream2 · 2025-11-07 · Documentation low

File: appstream2/latest/developerguide/certificate-based-authentication-prereq.md

Summary

Replaced 'AppStream 2.0' with 'WorkSpaces Applications' throughout certificate authentication prerequisites documentation

Security assessment

Changes consist of branding updates rather than substantive security content modifications. Existing security requirements for CRL access, CA tagging, and certificate management remain unchanged but use the new product name.

Diff

diff --git a/appstream2/latest/developerguide/certificate-based-authentication-prereq.md b/appstream2/latest/developerguide/certificate-based-authentication-prereq.md
index 278f3703f..3650823e6 100644
--- a//appstream2/latest/developerguide/certificate-based-authentication-prereq.md
+++ b//appstream2/latest/developerguide/certificate-based-authentication-prereq.md
@@ -3 +3 @@
-[Documentation](/index.html)[Amazon AppStream 2.0](/appstream2/index.html)[Administration Guide](what-is-appstream.html)
+[Documentation](/index.html)[Amazon WorkSpaces Applications](/appstream2/index.html)[Administration Guide](what-is-appstream.html)
@@ -15 +15 @@ Don't enable **Smart card sign in for Active Directory** in your stack if you wa
-  2. Use AppStream 2.0 agent version 10-13-2022 or later with your image. For more information, see [Keep Your Amazon AppStream 2.0 Image Up-to-Date](./keep-image-updated.html).
+  2. Use WorkSpaces Applications agent version 10-13-2022 or later with your image. For more information, see [Keep Your Amazon WorkSpaces Applications Image Up-to-Date](./keep-image-updated.html).
@@ -37 +37 @@ Don't enable **Smart card sign in for Active Directory** in your stack if you wa
-Certificate-based authentication requires an online CRL distribution point accessible from both the AppStream 2.0 fleet instance and the domain controller. This requires unauthenticated access to the Amazon S3 bucket configured for AWS Private CA CRL entries, or a CloudFront distribution with access to the Amazon S3 bucket if it blocks public access. For more information about these options, see [Planning a certificate revocation list (CRL)](https://docs.aws.amazon.com/privateca/latest/userguide/crl-planning.html).
+Certificate-based authentication requires an online CRL distribution point accessible from both the WorkSpaces Applications fleet instance and the domain controller. This requires unauthenticated access to the Amazon S3 bucket configured for AWS Private CA CRL entries, or a CloudFront distribution with access to the Amazon S3 bucket if it blocks public access. For more information about these options, see [Planning a certificate revocation list (CRL)](https://docs.aws.amazon.com/privateca/latest/userguide/crl-planning.html).
@@ -39 +39 @@ Certificate-based authentication requires an online CRL distribution point acces
-  6. Tag your private CA with a key entitled `euc-private-ca` to designate the CA for use with AppStream 2.0 certificate-based authentication. This key doesn't require a value. For more information, see [Managing tags for your private CA](https://docs.aws.amazon.com/privateca/latest/userguide/PcaCaTagging.html). For more information about the AWS managed policies used with AppStream 2.0 to grant permissions to resources in your AWS account, see [AWS Managed Policies Required to Access AppStream 2.0 Resources](./managed-policies-required-to-access-appstream-resources.html).
+  6. Tag your private CA with a key entitled `euc-private-ca` to designate the CA for use with WorkSpaces Applications certificate-based authentication. This key doesn't require a value. For more information, see [Managing tags for your private CA](https://docs.aws.amazon.com/privateca/latest/userguide/PcaCaTagging.html). For more information about the AWS managed policies used with WorkSpaces Applications to grant permissions to resources in your AWS account, see [AWS Managed Policies Required to Access WorkSpaces Applications Resources](./managed-policies-required-to-access-appstream-resources.html).
@@ -59 +59 @@ With AWS Managed Microsoft AD and Active Directory Certificate Services, you mus
-Make sure that the commands complete successfully, then remove the private CA certificate file. Depending on your Active Directory replication settings, it can take several minutes for the CA to publish to your domain controllers and AppStream 2.0 fleet instances.
+Make sure that the commands complete successfully, then remove the private CA certificate file. Depending on your Active Directory replication settings, it can take several minutes for the CA to publish to your domain controllers and WorkSpaces Applications fleet instances.
@@ -63 +63 @@ Make sure that the commands complete successfully, then remove the private CA ce
-Active Directory must distribute the CA to the Trusted Root Certification Authorities and Enterprise NTAuth stores automatically for AppStream 2.0 fleet instances when they join the domain.
+Active Directory must distribute the CA to the Trusted Root Certification Authorities and Enterprise NTAuth stores automatically for WorkSpaces Applications fleet instances when they join the domain.
@@ -68 +68 @@ Active Directory must distribute the CA to the Trusted Root Certification Author
-For Windows operating systems, the distribution of the CA (Certificate Authority) happens automatically. However, for Rocky Linux and Red Hat Enterprise Linux, you must download the root CA certificate(s) from the CA used by your AppStream 2.0 Directory Config. If your KDC root CA certificate(s) are different, you must also download those. Before using certificate-based authentication, it's necessary to import these certificates onto an image or snapshot.
+For Windows operating systems, the distribution of the CA (Certificate Authority) happens automatically. However, for Rocky Linux and Red Hat Enterprise Linux, you must download the root CA certificate(s) from the CA used by your WorkSpaces Applications Directory Config. If your KDC root CA certificate(s) are different, you must also download those. Before using certificate-based authentication, it's necessary to import these certificates onto an image or snapshot.
@@ -93 +93 @@ Below are instructions for downloading the root CA certificates:
-  3. Choose the private certificate used with your AppStream 2.0 Directory Config.
+  3. Choose the private certificate used with your WorkSpaces Applications Directory Config.
@@ -102 +102 @@ Below are instructions for downloading the root CA certificates:
-If the root CA certificates used by the KDCs are different from the root CA certificate used by your AppStream 2.0 Directory Config, follow these example steps to download them:
+If the root CA certificates used by the KDCs are different from the root CA certificate used by your WorkSpaces Applications Directory Config, follow these example steps to download them: