AWS prescriptive-guidance documentation change
Summary
Fixed heading formatting, added space in 'privilege escalation', and replaced curly apostrophes with straight apostrophes in two places.
Security assessment
Changes are editorial (formatting, typography fixes). Existing security content about preventative controls remains unchanged. No vulnerability remediation or new security features.
Diff
diff --git a/prescriptive-guidance/latest/aws-security-controls/preventative-controls.md b/prescriptive-guidance/latest/aws-security-controls/preventative-controls.md index 39261fca6..616aa546e 100644 --- a//prescriptive-guidance/latest/aws-security-controls/preventative-controls.md +++ b//prescriptive-guidance/latest/aws-security-controls/preventative-controls.md @@ -13 +13 @@ ObjectivesProcessUse casesTechnologyBusiness outcomes -###### Review the following about this type of control: +Review the following about this type of control: @@ -42 +42 @@ The primary purpose of preventative controls is to minimize or avoid the likelih - * Preventing users from exceeding their intended permissions, known as _privilege escalation_ + * Preventing users from exceeding their intended permissions, known as _privilege_ _escalation_ @@ -90 +90 @@ If administrative and write permissions are assigned too broadly, a user can cir -If your business does not have a foreseeable need to use specific services, enable a _service control policy_ that limits which services can operate in an organization’s member accounts or restricts services based on the AWS Region. This preventative control can reduce the scope of impact if a threat actor manages to compromise and access an account in your organization. For more information, see Service control policies in this guide. +If your business does not have a foreseeable need to use specific services, enable a _service control policy_ that limits which services can operate in an organization's member accounts or restricts services based on the AWS Region. This preventative control can reduce the scope of impact if a threat actor manages to compromise and access an account in your organization. For more information, see Service control policies in this guide. @@ -102 +102 @@ In AWS Organizations, [service control policies](https://docs.aws.amazon.com/org - * SCPs are preventative controls because they define and enforce the maximum allowable permissions for IAM roles and users in the organization’s member accounts. + * SCPs are preventative controls because they define and enforce the maximum allowable permissions for IAM roles and users in the organization's member accounts.