AWS Security ChangesHomeSearch

AWS guidance documentation change

Service: guidance · 2026-03-22 · Documentation low

File: guidance/latest/connected-mobility-on-aws/architecture-overview.md

Summary

Removed the 'Data flow' and 'Networking architecture' sections that described the telemetry pipeline and VPC configuration details.

Security assessment

This change removes detailed architectural documentation but does not indicate any security vulnerability or incident. The removed content included security-related information (X.509 certificates, least-privilege security groups) but its removal doesn't address a specific security issue.

Diff

diff --git a/guidance/latest/connected-mobility-on-aws/architecture-overview.md b/guidance/latest/connected-mobility-on-aws/architecture-overview.md
index 3db508fe9..83c62b687 100644
--- a//guidance/latest/connected-mobility-on-aws/architecture-overview.md
+++ b//guidance/latest/connected-mobility-on-aws/architecture-overview.md
@@ -72,44 +71,0 @@ Total deployment time: 45-65 minutes.
-### Data flow
-
-The solution implements an integrated telemetry pipeline:
-
-  1. **Vehicle Connectivity** – Vehicles connect securely to AWS IoT Core using X.509 certificates and MQTT protocol. In FleetWise Edge mode, the FWE agent handles connectivity, authentication, and campaign-driven signal collection from the vehicle CAN bus.
-
-  2. **Data Ingestion** – Telemetry data flows through IoT Rules to Amazon MSK for high-throughput processing. MQTT Direct telemetry lands on the `cms-telemetry` topic. FleetWise Edge protobuf telemetry lands on the `fw-telemetry-raw` topic and is decoded by the FWTelemetryProcessor before joining the standard pipeline.
-
-  3. **Campaign Management** – In FleetWise Edge mode, the CampaignSyncProcessor monitors agent checkins on the `fw-checkin` topic, resolves active campaigns from DynamoDB, and pushes decoder manifests and collection schemes to the edge agent through IoT Core MQTT.
-
-  4. **Real-time Processing** – Apache Flink applications on Amazon Kinesis Data Analytics process streams to generate trips, detect safety events, create maintenance alerts, and evaluate geofence boundaries.
-
-  5. **Remote Commands** – The CommandsStack enables bidirectional vehicle communication. Commands are sent from the Fleet Manager UI through API Gateway and Lambda, published to IoT Core MQTT, and tracked in DynamoDB with status updates and latency measurement. The command catalog is derived from actuatable signals in the signal catalog.
-
-  6. **Geofence Evaluation** – The GeofenceProcessor Flink application evaluates vehicle positions against active geofences in real-time, generating safety events when vehicles cross geofence boundaries.
-
-  7. **Data Storage** – Processed data is stored in DynamoDB with automatic scaling and backup.
-
-  8. **Real-time State** – Amazon ElastiCache for Redis maintains the last known vehicle state for sub-second lookups.
-
-  9. **Location Services** – Amazon Location Service provides maps, geocoding, and route calculation for vehicle tracking.
-
-  10. **Fleet Management** – The web application provides comprehensive fleet management, driver tracking, remote commands, geofence management, and analytics dashboards with real-time map visualization.
-
-
-
-
-### Networking architecture
-
-The solution uses a single Amazon VPC with the following configuration:
-
-  * **Public Subnets** – Host NAT Gateway for outbound internet access
-
-  * **Private Subnets** – Host MSK cluster and ElastiCache for security
-
-  * **Security Groups** – Restrict traffic between components following least-privilege principles
-
-  * **VPC Endpoints** – Enable private connectivity to AWS services where applicable
-
-
-
-
-The networking architecture supports both public internet access and private network configurations through VPC peering or AWS Transit Gateway.
-