AWS Security ChangesHomeSearch

AWS controltower documentation change

Service: controltower · 2025-11-22 · Documentation low

File: controltower/latest/userguide/2021-all.md

Summary

Updated URL formatting (added double slashes) in multiple documentation links. Content changes include references to security-related controls: Region deny capabilities, data residency controls, VPN/VPC access restrictions, and S3 BlockPublicAccess configuration.

Security assessment

The changes primarily fix URL formatting and do not introduce new security content or address vulnerabilities. While the documentation describes security features (e.g., Region deny, BlockPublicAccess), these were existing descriptions - the changes only modify links. No evidence of addressing a specific security vulnerability.

Diff

diff --git a/controltower/latest/userguide/2021-all.md b/controltower/latest/userguide/2021-all.md
index 214c69264..ba66d6838 100644
--- a//controltower/latest/userguide/2021-all.md
+++ b//controltower/latest/userguide/2021-all.md
@@ -56 +56 @@ AWS Control Tower now provides Region deny capabilities, which assist you in lim
-For example, AWS customers in Germany can deny access to AWS services in Regions outside of the Frankfurt Region. You can select restricted Regions during the AWS Control Tower set up process, or in the **Landing zone settings** page. The Region deny feature is available when you update your AWS Control Tower landing zone version. Select AWS services are exempt from Region deny capabilities. To learn more, see [Configure the Region deny control](https://docs.aws.amazon.com/controltower/latest/userguide/region-deny.html).
+For example, AWS customers in Germany can deny access to AWS services in Regions outside of the Frankfurt Region. You can select restricted Regions during the AWS Control Tower set up process, or in the **Landing zone settings** page. The Region deny feature is available when you update your AWS Control Tower landing zone version. Select AWS services are exempt from Region deny capabilities. To learn more, see [Configure the Region deny control](https://docs.aws.amazon.com//controltower/latest/userguide/region-deny.html).
@@ -64 +64 @@ For example, AWS customers in Germany can deny access to AWS services in Regions
-AWS Control Tower now offers purpose-built controls to help ensure that any customer data you upload to AWS services is located only in the AWS Regions that you specify. You can select the AWS Region or Regions in which your customer data is stored and processed. For a full list of AWS Regions where AWS Control Tower is available, see the [AWS Region Table](https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services/).
+AWS Control Tower now offers purpose-built controls to help ensure that any customer data you upload to AWS services is located only in the AWS Regions that you specify. You can select the AWS Region or Regions in which your customer data is stored and processed. For a full list of AWS Regions where AWS Control Tower is available, see the [AWS Region Table](https://aws.amazon.com//about-aws/global-infrastructure/regional-product-services/).
@@ -66 +66 @@ AWS Control Tower now offers purpose-built controls to help ensure that any cust
-For granular control, you can apply additional controls, such as **Disallow Amazon Virtual Private Network (VPN) connections** , or **Disallow internet access for an Amazon VPC instance**. You can view the compliance status of the controls in the AWS Control Tower console. For a full list of available controls, see [The AWS Control Tower controls library](https://docs.aws.amazon.com/controltower/latest/controlreference/controls-reference.html). 
+For granular control, you can apply additional controls, such as **Disallow Amazon Virtual Private Network (VPN) connections** , or **Disallow internet access for an Amazon VPC instance**. You can view the compliance status of the controls in the AWS Control Tower console. For a full list of available controls, see [The AWS Control Tower controls library](https://docs.aws.amazon.com//controltower/latest/controlreference/controls-reference.html). 
@@ -161 +161 @@ If you are new to AWS Control Tower, you can launch it right away in any of the
-If you already have an AWS Control Tower environment and you want to extend or remove AWS Control Tower governance features in one or more supported Regions, go to the **Landing Zone Settings** page in your AWS Control Tower dashboard, then select the Regions. After updating your landing zone, you must then [update all accounts that are governed by AWS Control Tower](https://docs.aws.amazon.com/controltower/latest/userguide/configuration-updates.html#deploying-to-new-region).
+If you already have an AWS Control Tower environment and you want to extend or remove AWS Control Tower governance features in one or more supported Regions, go to the **Landing Zone Settings** page in your AWS Control Tower dashboard, then select the Regions. After updating your landing zone, you must then [update all accounts that are governed by AWS Control Tower](https://docs.aws.amazon.com//controltower/latest/userguide/configuration-updates.html#deploying-to-new-region).
@@ -261 +261 @@ AWS Control Tower version 2.7 includes changes to the AWS Control Tower landing
-  * In particular, AWS Control Tower version 2.7 enables `BlockPublicAccess` automatically on S3 buckets deployed by AWS Control Tower. You can turn this default off if your workload requires access across accounts. For more information about what happens with `BlockPublicaccess` enabled, see [Blocking public access to your Amazon S3 storage](https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html).
+  * In particular, AWS Control Tower version 2.7 enables `BlockPublicAccess` automatically on S3 buckets deployed by AWS Control Tower. You can turn this default off if your workload requires access across accounts. For more information about what happens with `BlockPublicaccess` enabled, see [Blocking public access to your Amazon S3 storage](https://docs.aws.amazon.com//AmazonS3/latest/userguide/access-control-block-public-access.html).