AWS Security ChangesHomeSearch

AWS res high security documentation change

Service: res · 2025-12-25 · Security-related high

File: res/latest/ug/revisions.md

Summary

Added December 2025 release notes including enhancements, changes, and bug fixes

Security assessment

Added security enhancements: S3 access logging for compliance, mandatory SSL/TLS encryption for S3 communications, DynamoDB point-in-time recovery, and root-only permissions for /opt/cognito_auth. Fixes include preventing instance type bypass and frequent logout vulnerabilities.

Diff

diff --git a/res/latest/ug/revisions.md b/res/latest/ug/revisions.md
index e39558eb7..9e2382e3a 100644
--- a//res/latest/ug/revisions.md
+++ b//res/latest/ug/revisions.md
@@ -10,0 +11,24 @@ Date | Change
+December 2025 | 
+
+  * Release version 2025.12 Enhancements
+    * Propagation of custom CloudFormation tags to all RES components during deployment.
+    * Allow administrators to disable Active Directory joining for Windows hosts.
+    * Enable administrators to set default schedules for VDI desktop instances.
+    * S3 bucket access logging enabled for compliance and audit requirements.
+    * SSL/TLS encryption required on all S3 bucket communications.
+    * Enabled point-in-time recovery for RES managed DynamoDB tables.
+    * Updated permissions of /opt/cognito_auth directory to root-only access.
+Changes
+    * Migrated VDC-related APIs out of the VDC EC2 host to the backend Lambda.
+Bug Fixes
+    * Refreshing Allowed Instance Types when launching a new VDI.
+    * Fixed missing dependencies for efs_utils.
+    * Fixed cost dashboard total number of sessions in RES portal.
+    * Fixed issue where users could manually bypass the allowed instance types.
+    * Addressed race condition that could block DCV connection for Linux VDIs.
+    * Added missing operating systems from Software Stack page OS drop-down menu.
+    * Fixed frequent logout issue when using custom domain with Chrome.
+    * Fixed issue where the runtime SSSD configurations are not applied after disabling AD join.
+    * Fixed RES environment deletion failure caused by remaining VDI role.
+
+