AWS directoryservice medium security documentation change
Summary
Updated service account requirement from 'Administrator permissions' to 'member of Domain Admins group'
Security assessment
Specifically narrows privileged access requirements to Domain Admins group membership, reducing attack surface by eliminating overly broad administrative permissions. This addresses privilege creep security risks.
Diff
diff --git a/directoryservice/latest/admin-guide/create_hybrid_directory_prereqs.md b/directoryservice/latest/admin-guide/create_hybrid_directory_prereqs.md index 736557998..8a9c663e1 100644 --- a//directoryservice/latest/admin-guide/create_hybrid_directory_prereqs.md +++ b//directoryservice/latest/admin-guide/create_hybrid_directory_prereqs.md @@ -50 +50 @@ Gather the following information about your self-managed AD: - * Service account credentials with Administrator permissions to your self-managed AD + * A service account credential that is a member of the Domain Admins group in your self-managed AD