AWS wellarchitected documentation change
Summary
Replaced AppStream 2.0 with WorkSpaces Applications in network separation recommendations
Security assessment
Update reflects product naming changes while maintaining existing security advice about network segmentation. No evidence of addressing new vulnerabilities.
Diff
diff --git a/wellarchitected/latest/end-user-computing-lens/eucsec10-bp01.md b/wellarchitected/latest/end-user-computing-lens/eucsec10-bp01.md index 6e74ac7be..520468278 100644 --- a//wellarchitected/latest/end-user-computing-lens/eucsec10-bp01.md +++ b//wellarchitected/latest/end-user-computing-lens/eucsec10-bp01.md @@ -15 +15 @@ Separating end user systems from infrastructure, application servers, and data a -Enforce network separation between user instances and other services. EUC instances provided by Amazon WorkSpaces or AppStream 2.0 usually have network connectivity to other workloads in the same network subnet. The use of security groups within VPCs can restrict lateral movement and are recommended for implementation. For defense-in-depth, non-end user instances such as application servers, authentication providers, and other infrastructure services should reside on subnets different to those where user instances reside. +Enforce network separation between user instances and other services. EUC instances provided by Amazon WorkSpaces or WorkSpaces Applications usually have network connectivity to other workloads in the same network subnet. The use of security groups within VPCs can restrict lateral movement and are recommended for implementation. For defense-in-depth, non-end user instances such as application servers, authentication providers, and other infrastructure services should reside on subnets different to those where user instances reside.