AWS Security ChangesHomeSearch

AWS managedservices documentation change

Service: managedservices · 2025-11-19 · Documentation low

File: managedservices/latest/userguide/offboarding-malz.md

Summary

Updated references from 'AWS CloudFormation' to 'CloudFormation' in offboarding documentation

Security assessment

Terminology standardization without security implications. Mentions SCP detachment but does not introduce new security controls or address vulnerabilities.

Diff

diff --git a/managedservices/latest/userguide/offboarding-malz.md b/managedservices/latest/userguide/offboarding-malz.md
index 1eab05361..ff22010b0 100644
--- a//managedservices/latest/userguide/offboarding-malz.md
+++ b//managedservices/latest/userguide/offboarding-malz.md
@@ -235,2 +235,2 @@ Security management (cont’d)  |  Core accounts  |  Trend Micro DSM infrastruct
-Change management  |  Application and Core accounts  |  AMS RFC console and API is removed  AMS custom service control policies (SCPs) that contain account-level access restrictions are detached during Application account offboarding, and deleted during Core account offboarding  |  You must use a native AWS API to create new resources, change existing resources, or update existing AWS CloudFormation stacks  Access restrictions are no longer imposed at the account-level through AMS provided SCPs  |  Make sure that user roles provide sufficient access to use AWS services  Create SCPs to provide account-level permission restrictions   
-AMS OS images and automations for service management  |  Application and Core accounts  |  AMS no longer provides support on customizations and launch scripts included in AMS provided EC2 AMIs  AMS provided EC2 AMIs remain available in your offboarded accounts  AMS provided Systems Manager Automation runbooks are unshared and no longer available for use  |  After offboarding, AMS provided AMIs launched with AWS CloudFormation send cfn-signal `FAILURE` because of missing dependencies on AMS components  Operational processes that depend on AMS provided Systems Manager Automation runbooks might fail  |  Review and update any build or operational processes that are dependent on AMS provided AMIs or Systems Manager Automation runbooks   
+Change management  |  Application and Core accounts  |  AMS RFC console and API is removed  AMS custom service control policies (SCPs) that contain account-level access restrictions are detached during Application account offboarding, and deleted during Core account offboarding  |  You must use a native AWS API to create new resources, change existing resources, or update existing CloudFormation stacks  Access restrictions are no longer imposed at the account-level through AMS provided SCPs  |  Make sure that user roles provide sufficient access to use AWS services  Create SCPs to provide account-level permission restrictions   
+AMS OS images and automations for service management  |  Application and Core accounts  |  AMS no longer provides support on customizations and launch scripts included in AMS provided EC2 AMIs  AMS provided EC2 AMIs remain available in your offboarded accounts  AMS provided Systems Manager Automation runbooks are unshared and no longer available for use  |  After offboarding, AMS provided AMIs launched with CloudFormation send cfn-signal `FAILURE` because of missing dependencies on AMS components  Operational processes that depend on AMS provided Systems Manager Automation runbooks might fail  |  Review and update any build or operational processes that are dependent on AMS provided AMIs or Systems Manager Automation runbooks