AWS prescriptive-guidance documentation change
Summary
Updated documentation links to remove redundant 'AWS' prefix from 'AWS Directory Service documentation' references in multiple sections
Security assessment
The changes are purely stylistic adjustments to documentation links, removing redundant 'AWS' branding from text references. No security-related content was added, modified, or removed. The linked documentation topics (security group configurations, CloudWatch Logs integration, etc.) remain unchanged in their security implications.
Diff
diff --git a/prescriptive-guidance/latest/migration-microsoft-workloads-aws/migrating-active-directory-workloads.md b/prescriptive-guidance/latest/migration-microsoft-workloads-aws/migrating-active-directory-workloads.md index 14b6b3d62..1469f5970 100644 --- a//prescriptive-guidance/latest/migration-microsoft-workloads-aws/migrating-active-directory-workloads.md +++ b//prescriptive-guidance/latest/migration-microsoft-workloads-aws/migrating-active-directory-workloads.md @@ -61 +61 @@ For example, you can enable your users to sign in to the AWS Management Console -Before you can grant console access to your directory members, your directory must have an access URL. For more information about how to view directory details and get your access URL, see [View directory information](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_view_directory_info.html) in the AWS Directory Service documentation. For more information about how to create an access URL, see [Creating an access URL](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_create_access_url.html) in the AWS Directory Service documentation. For more information about how to create and assign IAM roles to your directory members, see [Grant users and groups access to AWS resources](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_manage_roles.html) in the AWS Directory Service documentation. +Before you can grant console access to your directory members, your directory must have an access URL. For more information about how to view directory details and get your access URL, see [View directory information](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_view_directory_info.html) in the AWS Directory Service documentation. For more information about how to create an access URL, see [Creating an access URL](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_create_access_url.html) in the Directory Service documentation. For more information about how to create and assign IAM roles to your directory members, see [Grant users and groups access to AWS resources](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_manage_roles.html) in the Directory Service documentation. @@ -97 +97 @@ You can share AWS Managed Microsoft AD across multiple AWS accounts. This enable -You can quickly deploy your directory-aware workloads on EC2 instances by eliminating the need to manually join your instances to a domain or to deploy directories in each account and Amazon VPC. For more information, see [Share your directory](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_directory_sharing.html) in the AWS Directory Service documentation. Keep in mind that there is a cost to share an AWS Managed Microsoft AD environment. You can communicate with the AWS Managed Microsoft AD environment from other networks or accounts by using an Amazon VPC peer or Transit Gateway peer, so sharing might not be needed. If you intend to use the directory with the following services, then you must share the domain: Amazon Aurora MySQL, Amazon Aurora PostgreSQL, Amazon FSx, Amazon RDS for MariaDB, Amazon RDS for MySQL, Amazon RDS for Oracle, Amazon RDS for PostgreSQL, and Amazon RDS for SQL Server. +You can quickly deploy your directory-aware workloads on EC2 instances by eliminating the need to manually join your instances to a domain or to deploy directories in each account and Amazon VPC. For more information, see [Share your directory](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_directory_sharing.html) in the Directory Service documentation. Keep in mind that there is a cost to share an AWS Managed Microsoft AD environment. You can communicate with the AWS Managed Microsoft AD environment from other networks or accounts by using an Amazon VPC peer or Transit Gateway peer, so sharing might not be needed. If you intend to use the directory with the following services, then you must share the domain: Amazon Aurora MySQL, Amazon Aurora PostgreSQL, Amazon FSx, Amazon RDS for MariaDB, Amazon RDS for MySQL, Amazon RDS for Oracle, Amazon RDS for PostgreSQL, and Amazon RDS for SQL Server. @@ -122 +122 @@ Consider the following options: - * **Security group configurations for Active Directory controllers** **–** If you're using AWS Managed Microsoft AD, the domain controllers come with a VPC security configuration for limited access to the domain controllers. It might be necessary for you to modify the security group rules to allow access for some potential use cases. For more information on security group configuration, see [Enhance your AWS Managed Microsoft AD network security configuration](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_network_security.html) in the AWS Directory Service documentation. We recommend that you don't allow users to modify these groups or use them for any other AWS services. Allowing other users to use these could cause service interruptions to your Active Directory environment if the users modify them to block necessary communications. + * **Security group configurations for Active Directory controllers** **–** If you're using AWS Managed Microsoft AD, the domain controllers come with a VPC security configuration for limited access to the domain controllers. It might be necessary for you to modify the security group rules to allow access for some potential use cases. For more information on security group configuration, see [Enhance your AWS Managed Microsoft AD network security configuration](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_network_security.html) in the Directory Service documentation. We recommend that you don't allow users to modify these groups or use them for any other AWS services. Allowing other users to use these could cause service interruptions to your Active Directory environment if the users modify them to block necessary communications. @@ -124 +124 @@ Consider the following options: - * **Integrate with Amazon CloudWatch Logs for Active Directory event logs** **–** If you're running AWS Managed Microsoft AD or using a self-managed Active Directory, then you can take advantage of Amazon CloudWatch Logs to centralize your Active Directory logging. You can use CloudWatch Logs to copy authentication, security, and other logs to CloudWatch. This gives you an easy way to search logs in one place, and it can help to satisfy some compliance requirements. We recommend integration with CloudWatch Logs because it can help you better respond to future incidents in your environment. For more information, see [Enabling Amazon CloudWatch Logs for AWS Managed Microsoft AD](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_enable_log_forwarding.html) in the AWS Directory Service documentation and [Amazon CloudWatch Logs for Windows Event Logs](https://aws.amazon.com/premiumsupport/knowledge-center/cloudwatch-upload-windows-logs/) in the AWS Knowledge Center. + * **Integrate with Amazon CloudWatch Logs for Active Directory event logs** **–** If you're running AWS Managed Microsoft AD or using a self-managed Active Directory, then you can take advantage of Amazon CloudWatch Logs to centralize your Active Directory logging. You can use CloudWatch Logs to copy authentication, security, and other logs to CloudWatch. This gives you an easy way to search logs in one place, and it can help to satisfy some compliance requirements. We recommend integration with CloudWatch Logs because it can help you better respond to future incidents in your environment. For more information, see [Enabling Amazon CloudWatch Logs for AWS Managed Microsoft AD](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_enable_log_forwarding.html) in the Directory Service documentation and [Amazon CloudWatch Logs for Windows Event Logs](https://aws.amazon.com/premiumsupport/knowledge-center/cloudwatch-upload-windows-logs/) in the AWS Knowledge Center. @@ -137 +137 @@ We recommend that you use the Active Directory Migration Tool (ADMT) and Passwor - * **LDIF** – LDAP Data Interchange Format (LDIF) is a file format used to extend the schema of an AWS Managed Microsoft AD directory. LDIF files contain the necessary information to add new objects and attributes to the directory. Files must meet the LDAP standards for syntax and must contain valid object definitions for each object the files add. After you create the LDIF file, you must upload the file to the directory to extend its schema. For more information about using LDIF files to extend the schema of an AWS Managed Microsoft AD directory, see [Extending the schema of AWS Managed Microsoft AD](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_schema_extensions.html) in the AWS Directory Service documentation. + * **LDIF** – LDAP Data Interchange Format (LDIF) is a file format used to extend the schema of an AWS Managed Microsoft AD directory. LDIF files contain the necessary information to add new objects and attributes to the directory. Files must meet the LDAP standards for syntax and must contain valid object definitions for each object the files add. After you create the LDIF file, you must upload the file to the directory to extend its schema. For more information about using LDIF files to extend the schema of an AWS Managed Microsoft AD directory, see [Extending the schema of AWS Managed Microsoft AD](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_schema_extensions.html) in the Directory Service documentation.