AWS managedservices documentation change
Summary
Updated AWS CLI command template to version 2.0 with support for multiple OutboundRules entries and added explicit example for multiple egress rules configuration
Security assessment
The change updates security group egress rule configuration documentation to support multiple rules but does not address any specific vulnerability. Security groups are inherently security-related, but this is a feature enhancement (multi-rule support) rather than a security fix. Example now shows stricter CIDR ranges (192.168.1.0/24 and 172.16.0.0/24) which could reflect better security practices, but no explicit security issue is mentioned.
Diff
diff --git a/managedservices/latest/ctref/management-advanced-security-group-authorize-egress-rule.md b/managedservices/latest/ctref/management-advanced-security-group-authorize-egress-rule.md index e4d3778b7..4b2350f32 100644 --- a//managedservices/latest/ctref/management-advanced-security-group-authorize-egress-rule.md +++ b//managedservices/latest/ctref/management-advanced-security-group-authorize-egress-rule.md @@ -79 +79,2 @@ Issue the create RFC command with execution parameters provided inline (escape q - aws amscm create-rfc --change-type-id "ct-0lqruajvhwsbk" --change-type-version "1.0" --title "Authorize security group egress rule" --execution-parameters '{"DocumentName":"AWSManagedServices-AuthorizeSecurityGroupEgressRule","Region":"us-east-1","Parameters":{"SecurityGroupId":["SG_ID"],"IpProtocol":["tcp"],"FromPort":[80],"ToPort":[80],"Destination":["10.0.0.1/24"],"Description":["HTTP Port for 10.0.0.1/24"]}}' + aws amscm create-rfc --change-type-id "ct-0lqruajvhwsbk" --change-type-version "2.0" --title "AWSManagedServices-AuthorizeSecurityGroupEgressRulesV2" --execution-parameters "{\"DocumentName\": \"AWSManagedServices-AuthorizeSecurityGroupEgressRulesV2\",\"Region\": \"us-east-1\",\"Parameters\": {\"SecurityGroupId\": [ + \"sg-03b5e3a1ad874bdd7\"],\"OutboundRules\": [{\"IpProtocol\": \"tcp\",\"FromPort\": \"80\",\"ToPort\": \"80\",\"Destination\": \"192.168.1.0/24\"},{\"IpProtocol\": \"tcp\",\"FromPort\": \"99\",\"ToPort\": \"99\",\"Destination\": \"172.16.0.0/24\", \"Description\": \"On-prem IP\"}]}}" @@ -90 +91 @@ _TEMPLATE CREATE_ : - "DocumentName" : "AWSManagedServices-AuthorizeSecurityGroupEgressRule", + "DocumentName": "AWSManagedServices-AuthorizeSecurityGroupEgressRulesV2", @@ -93,6 +94,20 @@ _TEMPLATE CREATE_ : - "SecurityGroupId" : ["SG_ID"], - "IpProtocol" : ["tcp"], - "FromPort" : [80], - "ToPort" : [80], - "Destination" : ["10.0.0.1/24"] - "Description" : ["HTTP Port for 10.0.0.1/24"] + { + "SecurityGroupId": [ + "sg-03b5e3a1ad874bdd7" + ], + "OutboundRules": [ + { + "IpProtocol": "tcp", + "FromPort": "80", + "ToPort": "80", + "Destination": "192.168.1.0/24" + }, + { + "IpProtocol": "tcp", + "FromPort": "99", + "ToPort": "99", + "Destination": "172.16.0.0/24", + "Description": "On-prem IP" + } + ] + } @@ -108,0 +124 @@ _TEMPLATE CREATE_ : + "ChangeTypeVersion": "2.0", @@ -110,2 +126 @@ _TEMPLATE CREATE_ : - "ChangeTypeVersion": "1.0", - "Title": "Authorize security group egress rule" + "Title": "Authorize Multiple Egress Rules"