AWS lightsail medium security documentation change
Summary
Added documentation about NGINX blueprint security practices, including IMDSv2 enforcement and IPv6 compatibility
Security assessment
The change explicitly states that Lightsail enforces Instance Metadata Service Version 2 (IMDSv2) by default for NGINX instances, which is a security hardening measure to mitigate risks like SSRF attacks. This qualifies as a security-related update and adds security documentation.
Diff
diff --git a/lightsail/latest/userguide/compare-options-choose-lightsail-instance-image.md b/lightsail/latest/userguide/compare-options-choose-lightsail-instance-image.md index 9355a1e46..0271b9e1c 100644 --- a//lightsail/latest/userguide/compare-options-choose-lightsail-instance-image.md +++ b//lightsail/latest/userguide/compare-options-choose-lightsail-instance-image.md @@ -322 +322,14 @@ NGINX is an asynchronous server and its main advantage is scalability. The NGINX -Learn more about the [Nginx stack](https://bitnami.com/stack/nginx) at the _Bitnami_ website. +Learn more about the [NGINX stack](https://bitnami.com/stack/nginx) at the _Bitnami_ website. + +****Nginx** ** + + +The Nginx blueprint provides a complete production environment with PHP, MariaDB, phpMyAdmin, and NGINX. Lightsail packages blueprints to be secure and up-to-date using industry best practices. + +Lightsail instances launched from Nginx will have Instance Metadata Service Version 2 (IMDSv2) enforced by default. For more information, see [How Instance Metadata Service Version 2 works](./amazon-lightsail-configuring-instance-metadata-service.html). + +This blueprint is compatible with a Lightsail IPv6-only instance plan. + +[Deploy and manage an Nginx web server on Lightsail](./amazon-lightsail-quick-start-guide-nginx.html) + +Learn more about the [NGINX stack](https://nginx.org/en/) at the _NGINX_ website.