AWS workspaces documentation change
Summary
Added new section 'DCV PrivateLink domain names' listing the two DNS name patterns that must be allowed through firewalls or proxies when using VPC endpoints for WorkSpaces streaming.
Security assessment
This change adds security-relevant documentation about network configuration requirements for VPC endpoints, specifically which domain patterns to allow. However, there's no indication this addresses a specific security vulnerability or incident - it appears to be routine documentation expansion for a feature.
Diff
diff --git a/workspaces/latest/adminguide/workspaces-port-requirements.md b/workspaces/latest/adminguide/workspaces-port-requirements.md index 7c66f1b67..a51ca0a9f 100644 --- a//workspaces/latest/adminguide/workspaces-port-requirements.md +++ b//workspaces/latest/adminguide/workspaces-port-requirements.md @@ -5 +5 @@ -Ports for client applicationsPorts for Web AccessDomains and IP addresses to add to your allow listHealth check serversPCoIP gateway serversDCV gateway serversDCV gateway domain namesNetwork interfacesIP address and port requirements by Region +Ports for client applicationsPorts for Web AccessDomains and IP addresses to add to your allow listHealth check serversPCoIP gateway serversDCV gateway serversDCV gateway domain namesDCV PrivateLink domain namesNetwork interfacesIP address and port requirements by Region @@ -824,0 +825,9 @@ AWS GovCloud (US-East) | +## DCV PrivateLink domain names + +If you use VPC endpoints for WorkSpaces streaming, the following domains must be allowed through your firewall or proxy. Replace <region> with your AWS Region (for example, us-east-1). + +DNS Name Type | Domain +---|--- +Unique publicly resolvable DNS name | *.prod.highlander.<region>.vpce.amazonaws.com +Generic private DNS name | privatelink.prod.<region>.highlander.aws.a2z.com +