AWS vpc documentation change
Summary
Clarified that domain verification applies to both IPv4 and IPv6 address ranges in BYOIP process
Security assessment
This change clarifies existing security documentation about IP address ownership verification. It reinforces that the verification process prevents IP hijacking and routing attacks for both IPv4 and IPv6, which is a security control but not a response to a specific security issue.
Diff
diff --git a/vpc/latest/ipam/tutorials-byoip-ipam-domain-verification-methods.md b/vpc/latest/ipam/tutorials-byoip-ipam-domain-verification-methods.md index 9307e194d..7d9fc37c8 100644 --- a//vpc/latest/ipam/tutorials-byoip-ipam-domain-verification-methods.md +++ b//vpc/latest/ipam/tutorials-byoip-ipam-domain-verification-methods.md @@ -9 +9 @@ Verify your domain with an X.509 certificateVerify your domain with a DNS TXT re -Before you bring an IP address range to AWS, you have to use one of the options described in this section to verify that you control the IP address space. Later, when you bring the IP address range to AWS, AWS validates that you control the IP address range. This validation ensures that customers cannot use IP ranges belonging to others, preventing routing and security issues. +Before you bring an IP address range to AWS, you have to use one of the options described in this section to verify that you control the IP address space. This applies to both IPv4 and IPv6 address ranges. Later, when you bring the IP address range to AWS, AWS validates that you control the IP address range. This validation ensures that customers cannot use IP ranges belonging to others, preventing routing and security issues.