AWS prescriptive-guidance documentation change
Summary
Added period at end of sentence in Active Directory trust documentation
Security assessment
The change is purely grammatical (adding punctuation). The security guidance about trust relationships and selective authentication remains unchanged. No security impact or new security documentation added.
Diff
diff --git a/prescriptive-guidance/latest/security-reference-architecture/workplace-aws-managed-ad.md b/prescriptive-guidance/latest/security-reference-architecture/workplace-aws-managed-ad.md index 465f870c2..a9f828015 100644 --- a//prescriptive-guidance/latest/security-reference-architecture/workplace-aws-managed-ad.md +++ b//prescriptive-guidance/latest/security-reference-architecture/workplace-aws-managed-ad.md @@ -73 +73 @@ Based on these responsibilities, you have some influence over the security of yo - * To establish Active Directory trust relationships with AWS Managed Microsoft AD, create a forest trust. This type of trust allows for maximum Kerberos compatibility. We recommend that you use a one-way trust whenever possible, although some use cases require a two-way trust. Another option for trust security is to enable selective authentication on the trust. When you enable selective authentication, you must set the **Allowed to Authenticate** permission on each computer object the trusted user will access in addition to any other permissions that are required to access the computer object. For details, see the AWS blog post [Everything you wanted to know about trusts with AWS Managed Microsoft AD](https://aws.amazon.com/blogs/security/everything-you-wanted-to-know-about-trusts-with-aws-managed-microsoft-ad/) + * To establish Active Directory trust relationships with AWS Managed Microsoft AD, create a forest trust. This type of trust allows for maximum Kerberos compatibility. We recommend that you use a one-way trust whenever possible, although some use cases require a two-way trust. Another option for trust security is to enable selective authentication on the trust. When you enable selective authentication, you must set the **Allowed to Authenticate** permission on each computer object the trusted user will access in addition to any other permissions that are required to access the computer object. For details, see the AWS blog post [Everything you wanted to know about trusts with AWS Managed Microsoft AD](https://aws.amazon.com/blogs/security/everything-you-wanted-to-know-about-trusts-with-aws-managed-microsoft-ad/).