AWS connect documentation change
Summary
Updated network configuration guidance for the new sign-in experience, changing wording from 'ensure URLs are accessible' to 'allowlist endpoints' and adding specific endpoints for AWS GovCloud (US) users.
Security assessment
This change improves security documentation by explicitly recommending allowlisting (a security best practice) rather than just ensuring accessibility. The addition of threat-mitigation and S3 endpoints suggests enhanced security monitoring infrastructure, but there's no evidence this addresses a specific security vulnerability. The change provides clearer security guidance for network configuration.
Diff
diff --git a/connect/latest/adminguide/new-signin-experience.md b/connect/latest/adminguide/new-signin-experience.md index d43c56f5d..aa1770568 100644 --- a//connect/latest/adminguide/new-signin-experience.md +++ b//connect/latest/adminguide/new-signin-experience.md @@ -49 +49 @@ The migration to the new sign-in experience will occur in the following phases: -Before testing the new sign-in experience, ensure the following URLs are accessible from your network: +Before testing the new sign-in experience, allowlist the following endpoints to ensure they are accessible from your network: @@ -54,0 +55,9 @@ Before testing the new sign-in experience, ensure the following URLs are accessi + * `*.threat-mitigation.aws.amazon.com` + + * `*.s3.dualstack.*.amazonaws.com` + + + + +If you are an AWS GovCloud (US) user, also allowlist the following endpoints: + @@ -61,4 +69,0 @@ Before testing the new sign-in experience, ensure the following URLs are accessi - * `*.threat-mitigation.aws.amazon.com` - - * `*.s3.dualstack.*.amazonaws.com` -