AWS appstream2 documentation change
Summary
Updated service name references from 'AppStream 2.0' to 'WorkSpaces Applications' throughout the document. Technical content about Private CA cross-account sharing for certificate-based authentication remains unchanged.
Security assessment
The changes are purely branding/naming updates without modifying security-related content. The PCA sharing process and security implications remain identical, just with the updated service name. No vulnerabilities or new security features are mentioned.
Diff
diff --git a/appstream2/latest/developerguide/pca-sharing.md b/appstream2/latest/developerguide/pca-sharing.md index 38ba5c0ec..befecd3d2 100644 --- a//appstream2/latest/developerguide/pca-sharing.md +++ b//appstream2/latest/developerguide/pca-sharing.md @@ -3 +3 @@ -[Documentation](/index.html)[Amazon AppStream 2.0](/appstream2/index.html)[Administration Guide](what-is-appstream.html) +[Documentation](/index.html)[Amazon WorkSpaces Applications](/appstream2/index.html)[Administration Guide](what-is-appstream.html) @@ -7 +7 @@ -Private CA (PCA) cross-account sharing offers the ability to grant permissions for other accounts to use a centralized CA. The CA can generate and issue certificates by using [AWS Resource Access Manager](https://aws.amazon.com/ram/) (RAM) to manage the permissions. This removes the need for a Private CA in every account. Private CA cross-account sharing can be used with AppStream 2.0 certificate-based Authentication (CBA) within the same AWS Region. +Private CA (PCA) cross-account sharing offers the ability to grant permissions for other accounts to use a centralized CA. The CA can generate and issue certificates by using [AWS Resource Access Manager](https://aws.amazon.com/ram/) (RAM) to manage the permissions. This removes the need for a Private CA in every account. Private CA cross-account sharing can be used with WorkSpaces Applications certificate-based Authentication (CBA) within the same AWS Region. @@ -9 +9 @@ Private CA (PCA) cross-account sharing offers the ability to grant permissions f -To use a shared Private CA resource with AppStream 2.0 CBA, complete the following steps: +To use a shared Private CA resource with WorkSpaces Applications CBA, complete the following steps: @@ -13 +13 @@ To use a shared Private CA resource with AppStream 2.0 CBA, complete the followi - 2. Share the Private CA with the resource AWS accounts where AppStream 2.0 resources utilize CBA. To do this, follow the steps in [How to use AWS RAM to share your ACM Private CA cross-account](https://aws.amazon.com/blogs/security/how-to-use-aws-ram-to-share-your-acm-private-ca-cross-account/). You do not need to complete step 3 to create a certificate. You can either share the Private CA with individual AWS accounts, or share through AWS Organizations. If you share with individual accounts, you need to accept the shared Private CA in your resource account by using the AWS Resource Access Manager console or APIs. + 2. Share the Private CA with the resource AWS accounts where WorkSpaces Applications resources utilize CBA. To do this, follow the steps in [How to use AWS RAM to share your ACM Private CA cross-account](https://aws.amazon.com/blogs/security/how-to-use-aws-ram-to-share-your-acm-private-ca-cross-account/). You do not need to complete step 3 to create a certificate. You can either share the Private CA with individual AWS accounts, or share through AWS Organizations. If you share with individual accounts, you need to accept the shared Private CA in your resource account by using the AWS Resource Access Manager console or APIs. @@ -15 +15 @@ To use a shared Private CA resource with AppStream 2.0 CBA, complete the followi -When configuring the share, confirm that the AWS Resource Access Manager resource share for the Private CA in the resource account is using the `AWSRAMBlankEndEntityCertificateAPICSRPassthroughIssuanceCertificateAuthority` managed permission template. This template aligns with the PCA template used by the AppStream 2.0 service role when issuing CBA certificates. +When configuring the share, confirm that the AWS Resource Access Manager resource share for the Private CA in the resource account is using the `AWSRAMBlankEndEntityCertificateAPICSRPassthroughIssuanceCertificateAuthority` managed permission template. This template aligns with the PCA template used by the WorkSpaces Applications service role when issuing CBA certificates. @@ -19 +19 @@ When configuring the share, confirm that the AWS Resource Access Manager resourc - 4. Use the API or CLI to associate the Private CA ARN with CBA in your AppStream 2.0 Directory Config. At this time, the AppStream 2.0 console does not support selection of shared Private CA ARNs. The following are example CLI commands: + 4. Use the API or CLI to associate the Private CA ARN with CBA in your WorkSpaces Applications Directory Config. At this time, the WorkSpaces Applications console does not support selection of shared Private CA ARNs. The following are example CLI commands: