AWS res high security documentation change
Summary
Added December 2025 release notes including enhancements, changes, and bug fixes
Security assessment
Added security enhancements: S3 access logging for compliance, mandatory SSL/TLS encryption for S3 communications, DynamoDB point-in-time recovery, and root-only permissions for /opt/cognito_auth. Fixes include preventing instance type bypass and frequent logout vulnerabilities.
Diff
diff --git a/res/latest/ug/revisions.md b/res/latest/ug/revisions.md index e39558eb7..9e2382e3a 100644 --- a//res/latest/ug/revisions.md +++ b//res/latest/ug/revisions.md @@ -10,0 +11,24 @@ Date | Change +December 2025 | + + * Release version 2025.12 Enhancements + * Propagation of custom CloudFormation tags to all RES components during deployment. + * Allow administrators to disable Active Directory joining for Windows hosts. + * Enable administrators to set default schedules for VDI desktop instances. + * S3 bucket access logging enabled for compliance and audit requirements. + * SSL/TLS encryption required on all S3 bucket communications. + * Enabled point-in-time recovery for RES managed DynamoDB tables. + * Updated permissions of /opt/cognito_auth directory to root-only access. +Changes + * Migrated VDC-related APIs out of the VDC EC2 host to the backend Lambda. +Bug Fixes + * Refreshing Allowed Instance Types when launching a new VDI. + * Fixed missing dependencies for efs_utils. + * Fixed cost dashboard total number of sessions in RES portal. + * Fixed issue where users could manually bypass the allowed instance types. + * Addressed race condition that could block DCV connection for Linux VDIs. + * Added missing operating systems from Software Stack page OS drop-down menu. + * Fixed frequent logout issue when using custom domain with Chrome. + * Fixed issue where the runtime SSSD configurations are not applied after disabling AD join. + * Fixed RES environment deletion failure caused by remaining VDI role. + +