AWS Security ChangesHomeSearch

AWS wellarchitected documentation change

Service: wellarchitected · 2025-11-07 · Documentation low

File: wellarchitected/latest/end-user-computing-lens/eucsec10-bp01.md

Summary

Replaced AppStream 2.0 with WorkSpaces Applications in network separation recommendations

Security assessment

Update reflects product naming changes while maintaining existing security advice about network segmentation. No evidence of addressing new vulnerabilities.

Diff

diff --git a/wellarchitected/latest/end-user-computing-lens/eucsec10-bp01.md b/wellarchitected/latest/end-user-computing-lens/eucsec10-bp01.md
index 6e74ac7be..520468278 100644
--- a//wellarchitected/latest/end-user-computing-lens/eucsec10-bp01.md
+++ b//wellarchitected/latest/end-user-computing-lens/eucsec10-bp01.md
@@ -15 +15 @@ Separating end user systems from infrastructure, application servers, and data a
-Enforce network separation between user instances and other services. EUC instances provided by Amazon WorkSpaces or AppStream 2.0 usually have network connectivity to other workloads in the same network subnet. The use of security groups within VPCs can restrict lateral movement and are recommended for implementation. For defense-in-depth, non-end user instances such as application servers, authentication providers, and other infrastructure services should reside on subnets different to those where user instances reside. 
+Enforce network separation between user instances and other services. EUC instances provided by Amazon WorkSpaces or WorkSpaces Applications usually have network connectivity to other workloads in the same network subnet. The use of security groups within VPCs can restrict lateral movement and are recommended for implementation. For defense-in-depth, non-end user instances such as application servers, authentication providers, and other infrastructure services should reside on subnets different to those where user instances reside.