AWS controltower documentation change
Summary
Corrected URL formatting in links to AWS Control Tower and Organizations documentation
Security assessment
The updates address URL formatting issues but do not alter security guidance. The surrounding content discusses security best practices (e.g., Region deny policies), but the changes themselves are purely technical fixes for documentation links.
Diff
diff --git a/controltower/latest/userguide/getting-started-guidance.md b/controltower/latest/userguide/getting-started-guidance.md index 6d64b4486..30ded681f 100644 --- a//controltower/latest/userguide/getting-started-guidance.md +++ b//controltower/latest/userguide/getting-started-guidance.md @@ -21 +21 @@ We recommend the following best practices as you create and modify resources in - * Do not disallow usage of any AWS Regions through either SCPs or AWS Security Token Service (AWS STS). Doing so will cause AWS Control Tower to enter an undefined state. If you disallow Regions with AWS STS, your functionality will fail in those Regions, because authentication would be unavailable in those Regions. Instead, rely on the AWS Control Tower Region deny capability, as shown in the control, [Deny access to AWS based on the requested AWS Region](https://docs.aws.amazon.com/controltower/latest/userguide/primary-region-deny-policy.html), which works at the landing zone level, or the control [Region deny control applied to the OU](https://docs.aws.amazon.com/controltower/latest/userguide/ou-region-deny.html), which works at the OU level to restrict access to Regions. + * Do not disallow usage of any AWS Regions through either SCPs or AWS Security Token Service (AWS STS). Doing so will cause AWS Control Tower to enter an undefined state. If you disallow Regions with AWS STS, your functionality will fail in those Regions, because authentication would be unavailable in those Regions. Instead, rely on the AWS Control Tower Region deny capability, as shown in the control, [Deny access to AWS based on the requested AWS Region](https://docs.aws.amazon.com//controltower/latest/userguide/primary-region-deny-policy.html), which works at the landing zone level, or the control [Region deny control applied to the OU](https://docs.aws.amazon.com//controltower/latest/userguide/ou-region-deny.html), which works at the OU level to restrict access to Regions. @@ -25 +25 @@ We recommend the following best practices as you create and modify resources in - * Do not use the AWS Organizations `DisableAWSServiceAccess` API to turn off AWS Control Tower service access to the organization where you’ve set up your landing zone. If you do so, certain AWS Control Tower drift detection features may not function properly without messaging support from AWS Organizations. These drift detection features help guarantee that AWS Control Tower can report the compliance status of of organizational units, accounts, and controls in your organization accurately. For more information, see [API_DisableAWSServiceAccess in the AWS Organizations API Reference](https://docs.aws.amazon.com/organizations/latest/APIReference/API_DisableAWSServiceAccess.html). + * Do not use the AWS Organizations `DisableAWSServiceAccess` API to turn off AWS Control Tower service access to the organization where you’ve set up your landing zone. If you do so, certain AWS Control Tower drift detection features may not function properly without messaging support from AWS Organizations. These drift detection features help guarantee that AWS Control Tower can report the compliance status of of organizational units, accounts, and controls in your organization accurately. For more information, see [API_DisableAWSServiceAccess in the AWS Organizations API Reference](https://docs.aws.amazon.com//organizations/latest/APIReference/API_DisableAWSServiceAccess.html). @@ -31 +31 @@ We recommend the following best practices as you create and modify resources in - * AWS Control Tower allows concurrent actions to deploy optional controls. For more information, see [Concurrent deployment for optional controls](https://docs.aws.amazon.com/controltower/latest/userguide/enable-controls-on-ou.html#concurrent-optional-controls). + * AWS Control Tower allows concurrent actions to deploy optional controls. For more information, see [Concurrent deployment for optional controls](https://docs.aws.amazon.com//controltower/latest/userguide/enable-controls-on-ou.html#concurrent-optional-controls).