AWS Security ChangesHomeSearch

AWS solutions documentation change

Service: solutions · 2026-05-22 · Documentation low

File: solutions/latest/distributed-load-testing-on-aws/deploy-the-solution.md

Summary

Added new section comparing three web console hosting options with security-focused deployment recommendations.

Security assessment

The change documents security-conscious deployment patterns including AWS WAF protection, VPC Block Public Access compliance, and private hosting options. This enhances security documentation but doesn't address a specific vulnerability.

Diff

diff --git a/solutions/latest/distributed-load-testing-on-aws/deploy-the-solution.md b/solutions/latest/distributed-load-testing-on-aws/deploy-the-solution.md
index c27709634..e50454efb 100644
--- a//solutions/latest/distributed-load-testing-on-aws/deploy-the-solution.md
+++ b//solutions/latest/distributed-load-testing-on-aws/deploy-the-solution.md
@@ -10,0 +11,8 @@ Deployment process overview
+This solution offers three web console hosting options. The backend architecture and Amazon Cognito authentication model are identical across all options.
+
+Hosting option | Description | When to use  
+---|---|---  
+**CloudFront + S3 (default)** |  The web console is hosted in Amazon S3 and served through Amazon CloudFront. |  Recommended for most deployments. Provides global edge caching and requires no additional infrastructure.  
+**ALB + ECS Fargate** |  The web console runs on an ECS Fargate service behind an Application Load Balancer with a customer-provided ACM certificate and custom domain. An AWS WAF web ACL is deployed in front of the ALB to filter common web-based attacks. |  Use when VPC Block Public Access (BPA) policies prevent traffic from public CloudFront distributions, when your organization requires zero public internet exposure, when you need a custom domain name for the web console, or when you need web application firewall protection with customizable rules. Common in regulated industries (finance, healthcare, government) and environments with strict compliance requirements.  
+**Headless (bring your own web server)** |  The solution deploys the backend only and provides a downloadable zip of the web console static assets for hosting on your own web server. |  Use when you want to host the web console on existing infrastructure outside of AWS, when corporate policies require hosting on managed web servers, or when your organization mandates complete network isolation with no public-facing endpoints regardless of authentication mechanisms.  
+