AWS notifications documentation change
Summary
Added guidance about email allow lists for aggregated notifications and clarified email verification process requiring sign-in to the correct AWS account.
Security assessment
The change adds security documentation by advising organizations to add @aws.com domain to email allow lists to ensure notification delivery, and clarifies security controls around email verification (requiring sign-in to the correct AWS account). This helps prevent notification delivery failures and unauthorized email verification, but doesn't address a specific security vulnerability.
Diff
diff --git a/notifications/latest/userguide/delivery-channels-managed-notifications.md b/notifications/latest/userguide/delivery-channels-managed-notifications.md index a5cfc1806..820350153 100644 --- a//notifications/latest/userguide/delivery-channels-managed-notifications.md +++ b//notifications/latest/userguide/delivery-channels-managed-notifications.md @@ -27,0 +28,2 @@ Emails you receive from User Notifications are sent from the domain `@aws.com`. +Aggregated notifications are sent from `[email protected]`. If your organization uses an email allow list, add the `@aws.com` domain to ensure you receive all User Notifications emails. + @@ -41,0 +44,2 @@ A verification email is sent to newly added email addresses. You can generate an +The recipient must be signed in to the AWS account that added the email address to complete the verification process. The verification link directs to the AWS Management Console. +