AWS awssupport documentation change
Summary
Fixed IAM documentation URL paths
Security assessment
Added double slashes in IAM documentation URLs. This appears to be a formatting fix without security impact.
Diff
diff --git a/awssupport/latest/user/security-checks.md b/awssupport/latest/user/security-checks.md index cfeaa4b7c..9c4f2b0d0 100644 --- a//awssupport/latest/user/security-checks.md +++ b//awssupport/latest/user/security-checks.md @@ -121,0 +122,2 @@ For Business, Enterprise On-Ramp, or Enterprise Support customers, you can use t + * Red: Target has a public IP and a security group that allows inbound connections on the target control port from everywhere (0.0.0.0/0). + @@ -127,0 +130,2 @@ For Business, Enterprise On-Ramp, or Enterprise Support customers, you can use t + * Yellow: Target's security group allow inbound connections on the target control port from everywhere (0.0.0.0/0). + @@ -130 +134,3 @@ For Business, Enterprise On-Ramp, or Enterprise Support customers, you can use t - * Green: Application Load Balancer security group only allows inbound connections on ports that match with a listener.. + * Yellow: Target's security group allow inbound connections on the target control port from a security group that is not attached to Application Load Balancer. + + * Green: Application Load Balancer security group only allows inbound connections on ports that match with a listener. @@ -145,0 +152,2 @@ For improved security, make sure that your security groups only allow the necess + * Target security groups should allow connections in the target control port only from the load balancer(s) it's associated with. + @@ -1501 +1509 @@ Checks your origin server for SSL certificates that are expired, about to expire -Certificates that were encrypted by using the SHA-1 hashing algorithm are being deprecated by web browsers such as Chrome and Firefox. Depending on the number of SSL certificates that you have associated with your CloudFront distributions, this check might add a few cents per month to your bill with your web hosting provider, for example, AWS if you're using Amazon EC2 or Elastic Load Balancing as the origin for your CloudFront distribution. This check does not validate your origin certificate chain or certificate authorities. You can check these in your CloudFront configuration. +Certificates that were encrypted by using the SHA-1 hashing algorithm are being deprecated by web browsers such as Chrome and Firefox. Depending on the number of SSL certificates that you have associated with your CloudFront distributions, this check might add a few cents per month to your bill with your web hosting provider, for example, AWS if you're using Amazon EC2 or ELB as the origin for your CloudFront distribution. This check does not validate your origin certificate chain or certificate authorities. You can check these in your CloudFront configuration. @@ -1591 +1599 @@ Use only the recommended ciphers and protocols. -For more information, see [Listener Configurations for Elastic Load Balancing](https://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/elb-listener-config.html). +For more information, see [Listener Configurations for ELB](https://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/elb-listener-config.html). @@ -1600 +1608 @@ For more information, see [Listener Configurations for Elastic Load Balancing](h - * [SSL Negotiation Configurations for Elastic Load Balancing](https://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/elb-ssl-security-policy.html) + * [SSL Negotiation Configurations for ELB](https://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/elb-ssl-security-policy.html) @@ -1912 +1920 @@ To access the AWS Management Console, IAM users need passwords. As a best practi -To learn more about identity providers and federation, see [Identity providers and federation](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers.html) in the IAM User Guide. To learn more about IAM Identity Center, see the [IAM Identity Center User Guide](https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html). +To learn more about identity providers and federation, see [Identity providers and federation](https://docs.aws.amazon.com//IAM/latest/UserGuide/id_roles_providers.html) in the IAM User Guide. To learn more about IAM Identity Center, see the [IAM Identity Center User Guide](https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html). @@ -2016 +2024 @@ For your AWS Organizations member accounts, we recommend that you centrally mana -**If this is a member account in AWS Organizations:** Log in to your management account, enable the root access management feature in IAM, and remove your root user credentials from this member account. See [Centralize root access for member accounts](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-enable-root-access.html). +**If this is a member account in AWS Organizations:** Log in to your management account, enable the root access management feature in IAM, and remove your root user credentials from this member account. See [Centralize root access for member accounts](https://docs.aws.amazon.com//IAM/latest/UserGuide/id_root-enable-root-access.html).