AWS appstream2 medium security documentation change
Summary
Added MCP endpoints to allowed domains list and updated section header
Security assessment
Added new Model Context Protocol (MCP) endpoints required for firewall configuration. Missing these endpoints could block legitimate traffic or require insecure wide-open rules, impacting network security. Concrete evidence: Added 12 region-specific endpoints to firewall allowlist documentation.
Diff
diff --git a/appstream2/latest/developerguide/allowed-domains.md b/appstream2/latest/developerguide/allowed-domains.md index bd221e619..a2ee82bdc 100644 --- a//appstream2/latest/developerguide/allowed-domains.md +++ b//appstream2/latest/developerguide/allowed-domains.md @@ -7 +7 @@ -Streaming InstancesUser AuthenticationAWS IP address ranges +Streaming InstancesUser AuthenticationWorkSpaces Applications MCP endpointsAWS IP address ranges @@ -173,0 +174,19 @@ Israel (Tel Aviv) | `appstream2.euc-sso.il-central-1.aws.amazon.com` +## WorkSpaces Applications MCP endpoints + +The following table lists the WorkSpaces Applications Model Context Protocol (MCP) endpoints. + +WorkSpaces Applications MCP endpoints Region | Domain +---|--- +Europe (Frankfurt) | `agentaccess-mcp.eu-central-1.api.aws` +US East (N. Virginia) | `agentaccess-mcp.us-east-1.api.aws` +Asia Pacific (Singapore) | `agentaccess-mcp.ap-southeast-1.api.aws` +Asia Pacific (Seoul) | `agentaccess-mcp.ap-northeast-2.api.aws` +Asia Pacific (Mumbai) | `agentaccess-mcp.ap-south-1.api.aws` +Asia Pacific (Tokyo) | `agentaccess-mcp.ap-northeast-1.api.aws` +US East (Ohio) | `agentaccess-mcp.us-east-2.api.aws` +US West (Oregon) | `agentaccess-mcp.us-west-2.api.aws` +Europe (Paris) | `agentaccess-mcp.eu-west-3.api.aws` +Europe (London) | `agentaccess-mcp.eu-west-2.api.aws` +Canada (Central) | `agentaccess-mcp.ca-central-1.api.aws` +Europe (Ireland) | `agentaccess-mcp.eu-west-1.api.aws` +