AWS drs documentation change
Summary
Corrected terminology from 'System Manager' to 'Systems Manager', fixed a typo ('Advance' to 'Advanced'), removed a duplicate line, and made a minor grammatical improvement in a security note.
Security assessment
The changes are primarily typographical corrections and terminology updates. The grammatical change in the security note ('recommend to consider' to 'recommend considering') does not alter the security guidance's meaning or introduce new security information. The note about restricting access to the parameter store and considering security implications for sensitive parameters was already present.
Diff
diff --git a/drs/latest/userguide/post-launch-action-settings-adding-custom-default.md b/drs/latest/userguide/post-launch-action-settings-adding-custom-default.md index 44c2f6ec7..1412425d6 100644 --- a//drs/latest/userguide/post-launch-action-settings-adding-custom-default.md +++ b//drs/latest/userguide/post-launch-action-settings-adding-custom-default.md @@ -25 +25 @@ The **Add action** page includes these parameters: -**System Manager document name** – Select any Systems Manager document that is available to be used in this account. +**Systems Manager document name** – Select any Systems Manager document that is available to be used in this account. @@ -27,3 +27 @@ The **Add action** page includes these parameters: -**System Manager document name** – Select any Systems Manager document that is available to be used in this account. - -**View in Systems Manager** – select to open **System Managers** and view additional information about the document. +**View in Systems Manager** – select to open **Systems Manager** and view additional information about the document. @@ -47 +45 @@ The **Action parameters** change according to the specific SSM document that is -AWS Elastic Disaster Recovery (AWS DRS) places **AWSElasticDisasterRecoveryRecoveryInstanceWithLaunchActionsRole** instance profile on the launch instance if post-launch actions is active for the source server. If you add an SSM command action that requires additional permissions in the launch instance, you must ensure that the instance profile has the right policies or the right permissions. In order to do so, create a role that has the required permissions as per the policies above or has a policy or policies with those permissions attached to it. Go to **Launch settings** > **EC2 launch template** > **Modify** > **Advance** > **IAM instance profile**. Use an existing profile or create a new one using the **Create new IAM profile** link. +AWS Elastic Disaster Recovery (AWS DRS) places **AWSElasticDisasterRecoveryRecoveryInstanceWithLaunchActionsRole** instance profile on the launch instance if post-launch actions is active for the source server. If you add an SSM command action that requires additional permissions in the launch instance, you must ensure that the instance profile has the right policies or the right permissions. In order to do so, create a role that has the required permissions as per the policies above or has a policy or policies with those permissions attached to it. Go to **Launch settings** > **EC2 launch template** > **Modify** > **Advanced** > **IAM instance profile**. Use an existing profile or create a new one using the **Create new IAM profile** link. @@ -51 +49 @@ AWS Elastic Disaster Recovery (AWS DRS) places **AWSElasticDisasterRecoveryRecov -Only trusted, authorized users should have access to the parameter store. For enhanced security, ensure that users who do not have permissions to execute SSM documents / commands, do not have access to parameter store. [Learn more about restricting access to Systems Manager parameters](https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-paramstore-access.html). Action parameters are stored in the SSM parameter store as regular strings. Changing parameters in the SSM Parameter store may impact the post launch action run on target instances. We recommend to consider security implications, when choosing to use parameters that contain scripts or sensitive information, such as API keys and database passwords. +Only trusted, authorized users should have access to the parameter store. For enhanced security, ensure that users who do not have permissions to execute SSM documents / commands, do not have access to parameter store. [Learn more about restricting access to Systems Manager parameters](https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-paramstore-access.html). Action parameters are stored in the SSM parameter store as regular strings. Changing parameters in the SSM Parameter store may impact the post launch action run on target instances. We recommend considering security implications when choosing to use parameters that contain scripts or sensitive information, such as API keys and database passwords.