AWS Security ChangesHomeSearch

AWS wellarchitected documentation change

Service: wellarchitected · 2025-11-07 · Documentation low

File: wellarchitected/latest/end-user-computing-lens/eucsec10-bp02.md

Summary

Updated AppStream 2.0 references to WorkSpaces Applications in network security controls documentation

Security assessment

Changes update product names while preserving security recommendations about port restrictions and endpoint protection. Maintains existing security guidance without addressing specific vulnerabilities.

Diff

diff --git a/wellarchitected/latest/end-user-computing-lens/eucsec10-bp02.md b/wellarchitected/latest/end-user-computing-lens/eucsec10-bp02.md
index eca61e3fb..e47bc6ec0 100644
--- a//wellarchitected/latest/end-user-computing-lens/eucsec10-bp02.md
+++ b//wellarchitected/latest/end-user-computing-lens/eucsec10-bp02.md
@@ -15 +15 @@ Restrict use of network ports on end user systems to reduce the potential exposu
-Implement networking security controls on Amazon EUC instances. AWS provides several services and capabilities that can help you secure AWS EUC instances for Amazon WorkSpaces and AppStream 2.0. In addition to these services, consider OS capabilities and additional software to provide the required level of security. 
+Implement networking security controls on Amazon EUC instances. AWS provides several services and capabilities that can help you secure AWS EUC instances for Amazon WorkSpaces and WorkSpaces Applications. In addition to these services, consider OS capabilities and additional software to provide the required level of security. 
@@ -30 +30 @@ For AWS networking, the following services and features should be evaluated:
-Consider these services to create a baseline of network security. Additionally, review and explore [best practices for VPC and networking in WorkSpaces](https://d1.awsstatic.com/whitepapers/best-practices-vpcs-networking-amazon-workspaces-deployments.pdf), as well as [best practices for deploying AppStream 2.0](https://docs.aws.amazon.com/whitepapers/latest/best-practices-for-deploying-amazon-appstream-2/best-practices-for-deploying-amazon-appstream-2.html), as you evaluate your network security. 
+Consider these services to create a baseline of network security. Additionally, review and explore [best practices for VPC and networking in WorkSpaces](https://d1.awsstatic.com/whitepapers/best-practices-vpcs-networking-amazon-workspaces-deployments.pdf), as well as [best practices for deploying WorkSpaces Applications](https://docs.aws.amazon.com/whitepapers/latest/best-practices-for-deploying-amazon-appstream-2/best-practices-for-deploying-amazon-appstream-2.html), as you evaluate your network security. 
@@ -32 +32 @@ Consider these services to create a baseline of network security. Additionally,
-In addition to AWS security capabilities and services, when users require access to the Internet from browsers installed in Amazon WorkSpaces or AppStream 2.0 instances, consider using a web proxy to log web site access and implement restrictions on where users can browse. 
+In addition to AWS security capabilities and services, when users require access to the Internet from browsers installed in Amazon WorkSpaces or WorkSpaces Applications instances, consider using a web proxy to log web site access and implement restrictions on where users can browse. 
@@ -34 +34 @@ In addition to AWS security capabilities and services, when users require access
-In Amazon WorkSpaces and AppStream 2.0 instances, consider existing OS software to harden the instances. For example, you can use host-based firewalls available within the operating system to restrict accessible ports in your instances. In addition, consider endpoint protection software to identify and mitigate security risks that may be introduced into the environment using software local to the instances. For detail on the ports required by Amazon WorkSpaces and AppStream 2.0, see the following: 
+In Amazon WorkSpaces and WorkSpaces Applications instances, consider existing OS software to harden the instances. For example, you can use host-based firewalls available within the operating system to restrict accessible ports in your instances. In addition, consider endpoint protection software to identify and mitigate security risks that may be introduced into the environment using software local to the instances. For detail on the ports required by Amazon WorkSpaces and WorkSpaces Applications, see the following: 
@@ -36 +36 @@ In Amazon WorkSpaces and AppStream 2.0 instances, consider existing OS software
-  * [List of ports required by Amazon AppStream 2.0](https://docs.aws.amazon.com/appstream2/latest/developerguide/creating-streaming-from-interface-vpc-endpoints.html)
+  * [List of ports required by Amazon WorkSpaces Applications](https://docs.aws.amazon.com/appstream2/latest/developerguide/creating-streaming-from-interface-vpc-endpoints.html)