AWS prescriptive-guidance documentation change
Summary
Updated breadcrumb navigation, corrected apostrophe usage, removed 'AWS' from 'Security Hub CSPM' reference, and added period to image alt text
Security assessment
The changes are minor editorial improvements without any security implications. The SCP reference and Security Hub functionality remain unchanged, and no vulnerabilities or security enhancements are mentioned. The modifications focus on documentation clarity and consistency.
Diff
diff --git a/prescriptive-guidance/latest/security-reference-architecture/account-structure.md b/prescriptive-guidance/latest/security-reference-architecture/account-structure.md index 4984d6521..2b6ebdd12 100644 --- a//prescriptive-guidance/latest/security-reference-architecture/account-structure.md +++ b//prescriptive-guidance/latest/security-reference-architecture/account-structure.md @@ -3 +3 @@ -[Documentation](/index.html)[AWS Prescriptive Guidance](https://aws.amazon.com/prescriptive-guidance/)[AWS Security Reference Architecture](welcome.html) +[Documentation](/index.html)[AWS Prescriptive Guidance](https://aws.amazon.com/prescriptive-guidance/)[AWS Security Reference Architecture (AWS SRA) – core architecture](introduction.html) @@ -25 +25 @@ The following diagram captures the high-level structure of the AWS SRA without d -For this guidance, all accounts are considered production (prod) accounts that operate in a single AWS Region. Most AWS services (except for [global services](https://docs.aws.amazon.com/whitepapers/latest/aws-fault-isolation-boundaries/global-services.html)) are regionally scoped, which means that the control and data planes for the service exist independently in each AWS Region. For this reason, you must replicate this architecture across all AWS Regions that you plan to use, to ensure coverage for your entire AWS landscape. If you don’t have any workloads in a specific AWS Region, you should disable the Region by using [SCPs](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps_examples_general.html#example-scp-deny-region) or by using logging and monitoring mechanisms. You can use AWS Security Hub CSPM to aggregate findings and security scores from multiple AWS Regions to a single aggregation Region for centralized visibility. +For this guidance, all accounts are considered production (prod) accounts that operate in a single AWS Region. Most AWS services (except for [global services](https://docs.aws.amazon.com/whitepapers/latest/aws-fault-isolation-boundaries/global-services.html)) are regionally scoped, which means that the control and data planes for the service exist independently in each AWS Region. For this reason, you must replicate this architecture across all AWS Regions that you plan to use, to ensure coverage for your entire AWS landscape. If you don't have any workloads in a specific AWS Region, you should disable the Region by using [SCPs](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps_examples_general.html#example-scp-deny-region) or by using logging and monitoring mechanisms. You can use Security Hub CSPM to aggregate findings and security scores from multiple AWS Regions to a single aggregation Region for centralized visibility. @@ -29 +29 @@ When hosting an AWS organization with a large set of accounts, it's beneficial t - +