AWS res medium security documentation change
Summary
Updated header to include certificate rotation and added automatic daily certificate retrieval from Secrets Manager
Security assessment
Added certificate rotation documentation and automated secret retrieval. Certificate rotation prevents expired/compromised certificates from being used, addressing potential MITM attacks. The automation ensures timely updates.
Diff
diff --git a/res/archive/release-minus-2/ug/setup-custom-domain-after-install.md b/res/archive/release-minus-2/ug/setup-custom-domain-after-install.md index 13cd1ca1c..74ea01b17 100644 --- a//res/archive/release-minus-2/ug/setup-custom-domain-after-install.md +++ b//res/archive/release-minus-2/ug/setup-custom-domain-after-install.md @@ -46 +46 @@ -###### Add certs to the VDIs +###### Add certs to the VDIs or rotate certs @@ -88 +88 @@ - 5. Terminate the existing dcv-gateway instance: ``<env-name>`-vdc-gateway` and wait for a new one to spin up. + 5. Terminate the existing dcv-gateway instance: ``<env-name>`-vdc-gateway` and wait for a new one to spin up. The dcv-gateway instance checks daily at 12:00 AM (midnight) UTC for changes to the certificate and private key values stored in Secrets Manager, and automatically retrieves and applies new values if updated.