AWS solutions medium security documentation change
Summary
Added critical upgrade instructions and warnings about automated remediations/log retention during updates
Security assessment
Explicitly warns about potential security control disablement (automated remediations) during updates and provides mitigation steps. Failure to follow could leave security issues unaddressed. Also adds version-specific upgrade requirements to prevent deployment failures.
Diff
diff --git a/solutions/latest/automated-security-response-on-aws/update-the-solution.md b/solutions/latest/automated-security-response-on-aws/update-the-solution.md index 1c5850009..21cae68c8 100644 --- a//solutions/latest/automated-security-response-on-aws/update-the-solution.md +++ b//solutions/latest/automated-security-response-on-aws/update-the-solution.md @@ -5 +5 @@ -Upgrading from versions prior to v1.4Upgrading from v1.4 and laterUpgrading from v2.0.x +Upgrading from versions prior to v1.4Upgrading from v1.4 and laterUpgrading from v2.0.xUpgrading from v2.1.4 or earlier @@ -8,0 +9,9 @@ Upgrading from versions prior to v1.4Upgrading from v1.4 and laterUpgrading from +###### Important + + * When updating the solution, automated remediation rules may need to be re-enabled manually in the Admin account. Refer to [Enable fully-automated remediations](https://docs.aws.amazon.com/solutions/latest/automated-security-response-on-aws/enable-fully-automated-remediations.html). + + * If you are using the `Reuse Orchestrator Log Group` parameter to retain logs, ensure it is set appropriately during stack update to avoid log group recreation or loss of log retention settings. Refer to [Deploy the solution](https://docs.aws.amazon.com/solutions/latest/automated-security-response-on-aws/deployment.html). If you are performing a stack update to v2.3.0+ from an earlier version choose "no" + + + + @@ -41,7 +50 @@ If you are upgrading from v2.0.x, upgrade to v2.1.2 or later. Updating to v2.1.0 -###### Note - - * When updating the solution, automated remediation rules may need to be re-enabled manually in the Admin account. Refer to [Enable fully-automated remediations](https://docs.aws.amazon.com/solutions/latest/automated-security-response-on-aws/enable-fully-automated-remediations.html). - - * If you are using the `Reuse Orchestrator Log Group` parameter to retain logs, ensure it is set appropriately during stack update to avoid log group recreation or loss of log retention settings. Refer to [Deploy the solution](https://docs.aws.amazon.com/solutions/latest/automated-security-response-on-aws/deployment.html). If you are performing a stack update to v2.3.0+ from an earlier version choose "no" - - +## Upgrading from v2.1.4 or earlier @@ -48,0 +52 @@ If you are upgrading from v2.0.x, upgrade to v2.1.2 or later. Updating to v2.1.0 +If you are upgrading from v2.1.4 or earlier, **you must upgrade to v2.3.0 before upgrading to any version higher than v2.3.0.** Otherwise, the stack update operation will fail. Alternatively, you can delete and re-deploy the solution’s stacks rather than performing a stack update.