AWS Security ChangesHomeSearch

AWS r53recovery documentation change

Service: r53recovery · 2025-12-25 · Documentation low

File: r53recovery/latest/dg/region-switch-plans.md

Summary

Added section on automatic PDF report generation for plan executions including configuration requirements, report contents, and compliance benefits.

Security assessment

Introduces documentation for compliance reporting feature but doesn't address a specific vulnerability. Enhances security posture by enabling audit trails for disaster recovery events.

Diff

diff --git a/r53recovery/latest/dg/region-switch-plans.md b/r53recovery/latest/dg/region-switch-plans.md
index f4a28953a..dab7e60a3 100644
--- a//r53recovery/latest/dg/region-switch-plans.md
+++ b//r53recovery/latest/dg/region-switch-plans.md
@@ -5 +5 @@
-Region switch plansWorkflows and execution blocksPlan evaluationRegional alarms and actual recovery time
+Region switch plansWorkflows and execution blocksPlan evaluationAutomatic plan execution reportsRegional alarms and actual recovery time
@@ -61,0 +62,31 @@ You can see details and suggested remediation for issues that plan evaluation su
+## Automatic plan execution reports
+
+Region switch can automatically generate comprehensive PDF reports for plan executions to help you meet regulatory compliance requirements. These reports provide evidence of your disaster recovery tests and actual recovery events, including detailed execution timelines, plan configurations, and resource states.
+
+When you configure automatic report generation for a plan, Region switch creates a PDF report after each plan execution completes and delivers it to an Amazon S3 bucket that you specify. Reports are typically available within 30 minutes of execution completion. S3 storage costs apply.
+
+Each report includes:
+
+  * Executive summary with service overview and report creation date
+
+  * Plan configuration details as they existed at execution time
+
+  * Detailed execution timeline with steps, affected resources, and statuses
+
+  * Plan warnings that were present when the execution started
+
+  * Amazon CloudWatch alarm states and alarm history for associated alarms
+
+  * For parent plans, configuration and execution details of child plans
+
+  * Glossary of terms and concepts
+
+
+
+
+To enable automatic report generation, you configure a report output destination when you create or update a plan. You must also ensure that your plan's execution IAM role has the necessary permissions to write reports to your Amazon S3 bucket and access the resources needed to generate the report content. For more information about required permissions, see [Automatic plan execution reports permissions](./security_iam_region_switch_reports.html).
+
+You can view the status of report generation and download completed reports from the plan execution details page in the console. If report generation encounters errors, such as insufficient permissions or misconfigured Amazon S3 buckets, Region switch provides error details to help you troubleshoot the issue.
+
+Plan evaluation continuously validates your report configuration, including verifying that the execution role has the required IAM permissions. If Region switch detects configuration issues that would prevent successful report generation, it generates warnings that you can view on the plan details page.
+