AWS managedservices documentation change
Summary
Updated references from 'AWS CloudFormation' to 'CloudFormation' in offboarding documentation
Security assessment
Terminology standardization without security implications. Mentions SCP detachment but does not introduce new security controls or address vulnerabilities.
Diff
diff --git a/managedservices/latest/userguide/offboarding-malz.md b/managedservices/latest/userguide/offboarding-malz.md index 1eab05361..ff22010b0 100644 --- a//managedservices/latest/userguide/offboarding-malz.md +++ b//managedservices/latest/userguide/offboarding-malz.md @@ -235,2 +235,2 @@ Security management (cont’d) | Core accounts | Trend Micro DSM infrastruct -Change management | Application and Core accounts | AMS RFC console and API is removed AMS custom service control policies (SCPs) that contain account-level access restrictions are detached during Application account offboarding, and deleted during Core account offboarding | You must use a native AWS API to create new resources, change existing resources, or update existing AWS CloudFormation stacks Access restrictions are no longer imposed at the account-level through AMS provided SCPs | Make sure that user roles provide sufficient access to use AWS services Create SCPs to provide account-level permission restrictions -AMS OS images and automations for service management | Application and Core accounts | AMS no longer provides support on customizations and launch scripts included in AMS provided EC2 AMIs AMS provided EC2 AMIs remain available in your offboarded accounts AMS provided Systems Manager Automation runbooks are unshared and no longer available for use | After offboarding, AMS provided AMIs launched with AWS CloudFormation send cfn-signal `FAILURE` because of missing dependencies on AMS components Operational processes that depend on AMS provided Systems Manager Automation runbooks might fail | Review and update any build or operational processes that are dependent on AMS provided AMIs or Systems Manager Automation runbooks +Change management | Application and Core accounts | AMS RFC console and API is removed AMS custom service control policies (SCPs) that contain account-level access restrictions are detached during Application account offboarding, and deleted during Core account offboarding | You must use a native AWS API to create new resources, change existing resources, or update existing CloudFormation stacks Access restrictions are no longer imposed at the account-level through AMS provided SCPs | Make sure that user roles provide sufficient access to use AWS services Create SCPs to provide account-level permission restrictions +AMS OS images and automations for service management | Application and Core accounts | AMS no longer provides support on customizations and launch scripts included in AMS provided EC2 AMIs AMS provided EC2 AMIs remain available in your offboarded accounts AMS provided Systems Manager Automation runbooks are unshared and no longer available for use | After offboarding, AMS provided AMIs launched with CloudFormation send cfn-signal `FAILURE` because of missing dependencies on AMS components Operational processes that depend on AMS provided Systems Manager Automation runbooks might fail | Review and update any build or operational processes that are dependent on AMS provided AMIs or Systems Manager Automation runbooks