AWS aws-backup documentation change
Summary
Clarified which accounts need to share approval teams and which administrator associates vaults with approval teams in multiparty approval setup.
Security assessment
The changes are procedural clarifications for setting up multiparty approval, which is a security feature, but they do not address a specific security vulnerability or weakness. The modifications refine instructions for sharing approval teams and specifying administrative roles without indicating any security incident.
Diff
diff --git a/aws-backup/latest/devguide/multipartyapproval.md b/aws-backup/latest/devguide/multipartyapproval.md index ad50b83b3..4c06442a7 100644 --- a//aws-backup/latest/devguide/multipartyapproval.md +++ b//aws-backup/latest/devguide/multipartyapproval.md @@ -27 +27 @@ The following steps outline the recommended flow for setting up a recovery AWS o - 4. The administrator uses AWS RAM to [share an approval team](./multipartyapproval-tasks-administrator.html#share-multipartyapproval-team-using-ram) with each account that owns at least one logically air-gapped vault (likely your primary account). Both the account that owns the vault and the secondary organization needs to have RAM set up. + 4. The administrator uses AWS RAM to [share an approval team](./multipartyapproval-tasks-administrator.html#share-multipartyapproval-team-using-ram) with each account that owns a logically air-gapped vault and the recovery account that needs to request access on that vault. @@ -29 +29 @@ The following steps outline the recommended flow for setting up a recovery AWS o - 5. An administrator of those accounts [associates a logically air-gapped vault with an approval team](./multipartyapproval-tasks-requester.html#associate-multipartyapproval-team). + 5. An administrator of the logically air-gapped vault owning account [associates the vault with an approval team](./multipartyapproval-tasks-requester.html#associate-multipartyapproval-team).