AWS Security ChangesHomeSearch

AWS whitepapers documentation change

Service: whitepapers · 2026-06-19 · Documentation low

File: whitepapers/latest/aws-security-incident-response-guide/recovery.md

Summary

Removed entire content of the Recovery section including incident response procedures, NIST guidelines, backup verification steps, and password rotation recommendations.

Security assessment

This is a deletion of existing security documentation without adding new content. While the removed content was security-related, the change itself doesn't address a specific vulnerability or incident. No evidence exists that this deletion fixes a security issue.

Diff

diff --git a/whitepapers/latest/aws-security-incident-response-guide/recovery.md b/whitepapers/latest/aws-security-incident-response-guide/recovery.md
index 8feff6ddf..8b1378917 100644
--- a//whitepapers/latest/aws-security-incident-response-guide/recovery.md
+++ b//whitepapers/latest/aws-security-incident-response-guide/recovery.md
@@ -1 +0,0 @@
-[View a markdown version of this page](recovery.md)
@@ -3,73 +1,0 @@
-[](/pdfs/security-ir/latest/userguide/sir-ug.pdf#recovery "Open PDF")
-
-[Documentation](/index.html)[Security Incident Response](/security-ir/index.html)[](what-is.html)
-
-# Recovery
-
-Recovery is the process of restoring systems to a known safe state, validating that backups are safe or unaffected by the incident prior to restoration, testing to verify that the systems are working properly post-restoration, and addressing vulnerabilities associated with the security event. 
-
-The order of recovery depends on your organization’s requirements. As part of the process of recovery, you should perform a business impact analysis to determine, at minimum: 
-
-  * Business or dependency priorities 
-
-  * The restoration plan 
-
-  * Authentication and authorization 
-
-
-
-
-The NIST SP 800-61 Computer Security Incident Handling Guide provides several steps to recover systems, including: 
-
-  * Restoring systems from clean backups. 
-
-    * Verify that backups are evaluated before restoring to systems to make sure that the infection is not present and to prevent a resurgence of the security event. 
-
-Backups should be evaluated on a regular basis as part of disaster recovery testing to verify that the backup mechanism is working properly and the data integrity meets recovery point objectives. 
-
-    * If possible, use backups from before the first event timestamp identified as part of root cause analysis. 
-
-  * Rebuilding systems from scratch, including redeploying from trusted source using automation, sometime in a new AWS account. 
-
-  * Replacing compromised files with clean versions. 
-
-You should exercise great caution when doing this. You must be absolutely certain the file you are recovering is known safe and unaffected by the incident 
-
-  * Installing patches. 
-
-  * Changing passwords. 
-
-    * This includes passwords for IAM principals that might have been abused. 
-
-    * If possible, we recommend using roles for IAM principals and federation as part of a least privilege strategy. 
-
-  * Tightening network perimeter security (firewall rulesets, boundary router access control lists). 
-
-
-
-
-Once the resources have been recovered, it is important to capture lessons learned to update incident response policies, procedures, and guides. 
-
-In summary, it is imperative to implement a recovery process that facilitates a return to known safe operations. Recovery can take a long time and requires a close linkage with containment strategies to balance business impact against risk of reinfection. Recovery procedures should include steps for restoring resources and services, IAM principals, and performing a security review of the account to assess residual risk. 
-
-![Warning](https://d1ge0kk1l5kms0.cloudfront.net/images/G/01/webservices/console/warning.png) **Javascript is disabled or is unavailable in your browser.**
-
-To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.
-
-[Document Conventions](/general/latest/gr/docconventions.html)
-
-Eradication
-
-Conclusion
-
-Did this page help you? - Yes
-
-Thanks for letting us know we're doing a good job!
-
-If you've got a moment, please tell us what we did right so we can do more of it.
-
-Did this page help you? - No
-
-Thanks for letting us know this page needs work. We're sorry we let you down.
-
-If you've got a moment, please tell us how we can make the documentation better.