AWS fsx documentation change
Summary
Added documentation for providing Active Directory service account credentials via AWS Secrets Manager or plaintext, with clearer formatting and examples
Security assessment
The change promotes secure credential storage by introducing AWS Secrets Manager integration as a preferred option, but does not address a specific disclosed vulnerability. This is a security best practice enhancement rather than a response to a security incident.
Diff
diff --git a/fsx/latest/ONTAPGuide/self-managed-AD-join.md b/fsx/latest/ONTAPGuide/self-managed-AD-join.md index 9681223e8..47669cde6 100644 --- a//fsx/latest/ONTAPGuide/self-managed-AD-join.md +++ b//fsx/latest/ONTAPGuide/self-managed-AD-join.md @@ -57 +57,9 @@ The DNS server IP addresses and Active Directory domain controller IP addresses - * Username and password for a service account on your Active Directory domain for Amazon FSx to use when joining the SVM to the Active Directory domain. For more information about service account requirements, see [Active Directory service account requirements](./self-manage-prereqs.html#ontap-ad-service-account-prereqs). + * Credentials for an Active Directory service account that Amazon FSx uses to join the SVM to your domain. You can provide these as either: + + * **Option 1:** AWS Secrets Manager secret ARN - The secret containing the username and password for a service account on your Active Directory domain. For more information, see [Storing Active Directory credentials using AWS Secrets Manager](./self-managed-AD-best-practices.html#bp-store-ad-creds-using-secret-manager). + + * **Option 2:** Plaintext credentials + + * **Service account username** – The user name of the service account in your existing Microsoft Active Directory. Don't include a domain prefix or suffix. For example, for `EXAMPLE\ADMIN`, use only `ADMIN`. + + * **Service account password** – The password for the service account.