AWS prescriptive-guidance documentation change
Summary
Updated service references from 'AppStream 2.0' to 'WorkSpaces Applications' throughout the document, including titles, resource names, and blog post references. Security guidance content remains structurally identical but uses the new service naming.
Security assessment
The changes are purely branding/naming updates from 'AppStream 2.0' to 'WorkSpaces Applications' without modifying security recommendations or addressing vulnerabilities. All security controls (least privilege, certificate auth, session tags, monitoring) remain conceptually unchanged. No new security features or vulnerability mitigations were introduced.
Diff
diff --git a/prescriptive-guidance/latest/appstream-well-architected-framework/security.md b/prescriptive-guidance/latest/appstream-well-architected-framework/security.md index 85fa58c72..808c85dda 100644 --- a//prescriptive-guidance/latest/appstream-well-architected-framework/security.md +++ b//prescriptive-guidance/latest/appstream-well-architected-framework/security.md @@ -3 +3 @@ -[Documentation](/index.html)[AWS Prescriptive Guidance](https://aws.amazon.com/prescriptive-guidance/)[Applying the AWS Well-Architected Framework to Amazon AppStream 2.0](introduction.html) +[Documentation](/index.html)[AWS Prescriptive Guidance](https://aws.amazon.com/prescriptive-guidance/)[Applying the AWS Well-Architected Framework to Amazon WorkSpaces Applications](introduction.html) @@ -11 +11 @@ The [security pillar](https://docs.aws.amazon.com/wellarchitected/latest/framewo -Key focus areas for applying this pillar to your AppStream 2.0 streaming environment: +Key focus areas for applying this pillar to your WorkSpaces Applications streaming environment: @@ -26 +26 @@ Use minimum required permissions to access AWS resources while centralizing iden - * Grant least privileged permissions for AppStream 2.0 resources: + * Grant least privileged permissions for WorkSpaces Applications resources: @@ -28 +28 @@ Use minimum required permissions to access AWS resources while centralizing iden - * Create specific IAM roles for AppStream 2.0 fleets with minimal required permissions. + * Create specific IAM roles for WorkSpaces Applications fleets with minimal required permissions. @@ -32 +32 @@ Use minimum required permissions to access AWS resources while centralizing iden - * Restrict administrative access to AppStream 2.0 management functions. + * Restrict administrative access to WorkSpaces Applications management functions. @@ -66 +66 @@ Use minimum required permissions to access AWS resources while centralizing iden - * Configure certificate-based authentication for AppStream 2.0. For more information, see the AWS blog post [Simplify certificate-based authentication for AppStream 2.0 and WorkSpaces with AWS Private CA Connector for Active Directory](https://aws.amazon.com/blogs/desktop-and-application-streaming/simplify-certificate-based-authentication-for-appstream-2-0-and-workspaces-with-aws-private-ca-connector-for-active-directory/). + * Configure certificate-based authentication for WorkSpaces Applications. For more information, see the AWS blog post [Simplify certificate-based authentication for WorkSpaces Applications and WorkSpaces with AWS Private CA Connector for Active Directory](https://aws.amazon.com/blogs/desktop-and-application-streaming/simplify-certificate-based-authentication-for-appstream-2-0-and-workspaces-with-aws-private-ca-connector-for-active-directory/). @@ -68 +68 @@ Use minimum required permissions to access AWS resources while centralizing iden - * Use session tags to implement fine-grained access control. For more information, see the AWS blog post [Use session tags to simplify AppStream 2.0 permissions](https://aws.amazon.com/blogs/desktop-and-application-streaming/use-session-tags-to-simplify-appstream-2-0-permissions/). + * Use session tags to implement fine-grained access control. For more information, see the AWS blog post [Use session tags to simplify WorkSpaces Applications permissions](https://aws.amazon.com/blogs/desktop-and-application-streaming/use-session-tags-to-simplify-appstream-2-0-permissions/). @@ -79 +79 @@ Implement real-time monitoring and automated response systems for all environmen - * [Activate CloudTrail to log all AppStream 2.0 API calls](https://docs.aws.amazon.com/appstream2/latest/developerguide/logging-using-cloudtrail.html) and to track management events such as fleet creation and modifications, image builder operations, stack configurations, and user management activities. + * [Activate CloudTrail to log all WorkSpaces Applications API calls](https://docs.aws.amazon.com/appstream2/latest/developerguide/logging-using-cloudtrail.html) and to track management events such as fleet creation and modifications, image builder operations, stack configurations, and user management activities. @@ -81 +81 @@ Implement real-time monitoring and automated response systems for all environmen - * Monitor AppStream 2.0 instance activity: + * Monitor WorkSpaces Applications instance activity: @@ -93 +93 @@ Implement real-time monitoring and automated response systems for all environmen - * Track application usage patterns. [Enable AppStream 2.0 usage reports](https://docs.aws.amazon.com/appstream2/latest/developerguide/configure-usage-reports.html) to retrieve information such as session duration, start and end times, instance types used, and applications accessed. + * Track application usage patterns. [Enable WorkSpaces Applications usage reports](https://docs.aws.amazon.com/appstream2/latest/developerguide/configure-usage-reports.html) to retrieve information such as session duration, start and end times, instance types used, and applications accessed. @@ -101 +101 @@ Implement real-time monitoring and automated response systems for all environmen - * Use the EUC toolkit to track active sessions and states, monitor IP addresses for in-use active sessions, and export session data for auditing. For more information, see the AWS blog post [Use the EUC toolkit to manage Amazon AppStream 2.0 and Amazon WorkSpaces](https://aws.amazon.com/blogs/desktop-and-application-streaming/euc-toolkit/). + * Use the EUC toolkit to track active sessions and states, monitor IP addresses for in-use active sessions, and export session data for auditing. For more information, see the AWS blog post [Use the EUC toolkit to manage Amazon WorkSpaces Applications and Amazon WorkSpaces](https://aws.amazon.com/blogs/desktop-and-application-streaming/euc-toolkit/). @@ -114 +114 @@ Implement multiple layers of security controls across all components of your inf - * Place AppStream 2.0 fleet instances in private subnets that have no direct internet access. Control internet access through NAT devices. + * Place WorkSpaces Applications fleet instances in private subnets that have no direct internet access. Control internet access through NAT devices. @@ -126 +126 @@ Implement multiple layers of security controls across all components of your inf - * Implement attribute-based access control by using session tags. For more information, see the AWS blog post [Use session tags to simplify AppStream 2.0 permissions](https://aws.amazon.com/blogs/desktop-and-application-streaming/use-session-tags-to-simplify-appstream-2-0-permissions/). + * Implement attribute-based access control by using session tags. For more information, see the AWS blog post [Use session tags to simplify WorkSpaces Applications permissions](https://aws.amazon.com/blogs/desktop-and-application-streaming/use-session-tags-to-simplify-appstream-2-0-permissions/). @@ -155 +155 @@ Use automated, code-defined security controls in version-controlled templates to - * Use infrastructure as code (IaC) by using services such as AWS CloudFormation to implement consistent security configurations across all fleet deployments. For more information, see the AWS blog post [Automatically attach additional security groups to Amazon AppStream 2.0 and Amazon WorkSpaces](https://aws.amazon.com/blogs/desktop-and-application-streaming/automatically-attach-additional-security-groups-to-amazon-appstream-2-0-and-amazon-workspaces/). + * Use infrastructure as code (IaC) by using services such as AWS CloudFormation to implement consistent security configurations across all fleet deployments. For more information, see the AWS blog post [Automatically attach additional security groups to Amazon WorkSpaces Applications and Amazon WorkSpaces](https://aws.amazon.com/blogs/desktop-and-application-streaming/automatically-attach-additional-security-groups-to-amazon-appstream-2-0-and-amazon-workspaces/). @@ -187 +187 @@ Develop and practice incident response plans by using automated tools to enable - * Document response procedures for common AppStream 2.0 security scenarios such as: + * Document response procedures for common WorkSpaces Applications security scenarios such as: