AWS Security ChangesHomeSearch

AWS whitepapers documentation change

Service: whitepapers · 2026-01-25 · Documentation low

File: whitepapers/latest/aws-best-practices-ddos-resiliency/security-groups-and-network-acls-bp5.md

Summary

Updated terminology from 'ELB IP ranges' to 'Elastic Load Balancing IP ranges' for consistency

Security assessment

Change is purely terminological (abbreviation expansion) without altering security guidance. No evidence of addressing vulnerabilities or weaknesses.

Diff

diff --git a/whitepapers/latest/aws-best-practices-ddos-resiliency/security-groups-and-network-acls-bp5.md b/whitepapers/latest/aws-best-practices-ddos-resiliency/security-groups-and-network-acls-bp5.md
index bff417939..3e373a445 100644
--- a//whitepapers/latest/aws-best-practices-ddos-resiliency/security-groups-and-network-acls-bp5.md
+++ b//whitepapers/latest/aws-best-practices-ddos-resiliency/security-groups-and-network-acls-bp5.md
@@ -15 +15 @@ You can choose whether to specify security groups when you launch an instance or
-For example, when you have Amazon EC2 instances behind an Elastic Load Balancer, the instances themselves should not need to be publicly accessible and should have private IPs only. Instead, you could provide the Elastic Load Balancer access to the required target listener ports using a Security Group rule that allows access to 0.0.0.0/0 (to avoid connection tracking issues) in conjunction with a Network Access Control List (NACL) on the target group subnet to allow only the ELB IP ranges to communicate with the instances. This ensures that internet traffic can’t directly communicate with your Amazon EC2 instances, which makes it more difficult for an attacker to learn about and impact your application. 
+For example, when you have Amazon EC2 instances behind an Elastic Load Balancer, the instances themselves should not need to be publicly accessible and should have private IPs only. Instead, you could provide the Elastic Load Balancer access to the required target listener ports using a Security Group rule that allows access to 0.0.0.0/0 (to avoid connection tracking issues) in conjunction with a Network Access Control List (NACL) on the target group subnet to allow only the Elastic Load Balancing IP ranges to communicate with the instances. This ensures that internet traffic can’t directly communicate with your Amazon EC2 instances, which makes it more difficult for an attacker to learn about and impact your application.