AWS Security ChangesHomeSearch

AWS prescriptive-guidance documentation change

Service: prescriptive-guidance · 2026-07-10 · Documentation low

File: prescriptive-guidance/latest/containerize-java-a2c/assessment.md

Summary

Updated navigation link, added bold formatting to section headers, fixed apostrophes, added CloudWatch link, and modified a heading.

Security assessment

The changes are primarily cosmetic (formatting, link updates, apostrophe fixes) and informational (adding a CloudWatch link). While the 'Regulatory compliance' section mentions security practices like vulnerability checks and access controls, these were already present in the original text. No new security vulnerabilities are addressed or security features documented.

Diff

diff --git a/prescriptive-guidance/latest/containerize-java-a2c/assessment.md b/prescriptive-guidance/latest/containerize-java-a2c/assessment.md
index 4f57a7c67..4c97c5ac3 100644
--- a//prescriptive-guidance/latest/containerize-java-a2c/assessment.md
+++ b//prescriptive-guidance/latest/containerize-java-a2c/assessment.md
@@ -5 +5 @@
-[Documentation](/index.html)[AWS Prescriptive Guidance](https://aws.amazon.com/prescriptive-guidance/)[Containerizing and migrating Java applications using AWS App2Container](welcome.html)
+[Documentation](/index.html)[AWS Prescriptive Guidance](https://aws.amazon.com/prescriptive-guidance/)[Containerizing and migrating Java applications using AWS App2Container](introduction.html)
@@ -13 +13 @@ During the assessment phase, focus on the following key areas:
-  * Operating system dependencies for containerization – Automated containerization tools such as AWS App2Container have some limitations on the application frameworks and operating systems for containerization. For more information about the supported applications, see the [App2Container documentation](https://docs.aws.amazon.com/app2container/latest/UserGuide/supported-applications.html).
+  * **Operating system dependencies for containerization** – Automated containerization tools such as AWS App2Container have some limitations on the application frameworks and operating systems for containerization. For more information about the supported applications, see the [App2Container documentation](https://docs.aws.amazon.com/app2container/latest/UserGuide/supported-applications.html).
@@ -15 +15 @@ During the assessment phase, focus on the following key areas:
-  * Regulatory compliance – It’s efficient to ensure containerized applications are compliant with all the regulations before they are deployed on the target environment, instead of acting in a reactive way after deployment and mitigating then. Check for vulnerabilities in the images, unauthorized inter-container communication, access controls to containers and data, and automated scans to prevent malicious activity.
+  * **Regulatory compliance** – It's efficient to ensure containerized applications are compliant with all the regulations before they are deployed on the target environment, instead of acting in a reactive way after deployment and mitigating then. Check for vulnerabilities in the images, unauthorized inter-container communication, access controls to containers and data, and automated scans to prevent malicious activity.
@@ -17 +17 @@ During the assessment phase, focus on the following key areas:
-  * Disaster recovery (DR) solution – Each application has its own specific service level agreement (SLA) for downtime. Keep in mind the application’s recovery point objective (RPO) and recovery time objective (RTO) when planning the distribution of the container clusters. App2Container by default deploys the application to multiple Availability Zones.
+  * **Disaster recovery (DR) solution** – Each application has its own specific service level agreement (SLA) for downtime. Keep in mind the application's recovery point objective (RPO) and recovery time objective (RTO) when planning the distribution of the container clusters. App2Container by default deploys the application to multiple Availability Zones.
@@ -19 +19 @@ During the assessment phase, focus on the following key areas:
-  * Data storage – Containers are best used as stateless. For stateful containers, the data must be stored external to the container. If a container goes out of service, you can spin up a new one using the image and the external volume attached with no data loss.
+  * **Data storage** – Containers are best used as stateless. For stateful containers, the data must be stored external to the container. If a container goes out of service, you can spin up a new one using the image and the external volume attached with no data loss.
@@ -21 +21 @@ During the assessment phase, focus on the following key areas:
-  * Configuration and secrets management – The target environment’s parameter store or the secret store can be used to store and retrieve from configuration and secrets from the container. It’s vital to ensure that the secrets are accessible to the relevant container only. All operations on configuration and secrets should be logged. The communication channel between the container and the secret store must be secure.
+  * **Configuration and secrets management** – The target environment's parameter store or the secret store can be used to store and retrieve from configuration and secrets from the container. It's vital to ensure that the secrets are accessible to the relevant container only. All operations on configuration and secrets should be logged. The communication channel between the container and the secret store must be secure.
@@ -23 +23 @@ During the assessment phase, focus on the following key areas:
-  * Logs management – For auditing, the logs generated by each container will be shipped to a log management service that resides external to the container. Because an application consists of multiple services and processes, each residing in different containers, the logs from each container should have a unique ID.
+  * **Logs management** – For auditing, the logs generated by each container will be shipped to a log management service that resides external to the container. Because an application consists of multiple services and processes, each residing in different containers, the logs from each container should have a unique ID. 
@@ -25 +25 @@ During the assessment phase, focus on the following key areas:
-  * Build and deployment process – Most enterprises have some sort of build and deployment process to release their applications and features. To take advantage of containerization, building and deploying the applications should be automated using a CI/CD pipeline. A pipeline brings advantages such as one-click infrastructure provisioning and decommissioning, faster and error-proof deployments, automation, and reduced time to release new features.
+  * **Build and deployment process** – Most enterprises have some sort of build and deployment process to release their applications and features. To take advantage of containerization, building and deploying the applications should be automated using a CI/CD pipeline. A pipeline brings advantages such as one-click infrastructure provisioning and decommissioning, faster and error-proof deployments, automation, and reduced time to release new features.
@@ -27 +27 @@ During the assessment phase, focus on the following key areas:
-  * Upstream and downstream applications – It’s a good practice to containerize and migrate all dependent applications in batches. In scenarios where that is not feasible, communication channels from the containerized application to the upstream and downstream applications should be securely opened. Ensure that the bandwidth supported by this channel doesn’t disrupt the application functionality.
+  * **Upstream and downstream applications** – It's a good practice to containerize and migrate all dependent applications in batches. In scenarios where that is not feasible, communication channels from the containerized application to the upstream and downstream applications should be securely opened. Ensure that the bandwidth supported by this channel doesn't disrupt the application functionality.
@@ -29 +29 @@ During the assessment phase, focus on the following key areas:
-  * License dependencies – Multiple instances of an application run within containers, which can become costly. Check the contracts and eligibility to deploy software on containers. Understand what tools are used for metering the software consumed on containers.
+  * **License dependencies** – Multiple instances of an application run within containers, which can become costly. Check the contracts and eligibility to deploy software on containers. Understand what tools are used for metering the software consumed on containers.
@@ -31 +31 @@ During the assessment phase, focus on the following key areas:
-  * Containerization possibility on application servers or worker machines – The containerization process consumes additional resources on the server, such as the disk space, computational power and memory. The application server must be analyzed to ensure that it is capable of supporting the containerization process. Otherwise, you can use a worker machine that has the required resources and can communicate with the application server.
+  * **Containerization possibility on application servers or worker machines** – The containerization process consumes additional resources on the server, such as the disk space, computational power and memory. The application server must be analyzed to ensure that it is capable of supporting the containerization process. Otherwise, you can use a worker machine that has the required resources and can communicate with the application server.
@@ -33 +33 @@ During the assessment phase, focus on the following key areas:
-  * Developer skills and production support on containers – The current application team should upskill themselves on the containerization technology. The team should be able to troubleshoot issues in the process, tweak the configurations if needed and be able to support the applications deployed on containers.
+  * **Developer skills and production support on containers** – The current application team should upskill themselves on the containerization technology. The team should be able to troubleshoot issues in the process, tweak the configurations if needed and be able to support the applications deployed on containers.
@@ -51 +51 @@ Most enterprise applications are integrated with various other services for auth
-Data stored in file systems can be migrated to AWS using various [tools](https://aws.amazon.com/cloud-data-migration/) that cater to the use case. Data stored in a cache such as Redis can be [migrated](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/backups-seeding-redis.html) to Amazon ElastiCache. Data stored in databases can be migrated by using the database’s own native tools or by using [AWS Database Migration Service](https://aws.amazon.com/dms/) (AWS DMS). AWS DMS also provides the change data capture (CDC) option to replicate ongoing changes from a source data store until cutover.
+Data stored in file systems can be migrated to AWS using various [tools](https://aws.amazon.com/cloud-data-migration/) that cater to the use case. Data stored in a cache such as Redis can be [migrated](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/backups-seeding-redis.html) to Amazon ElastiCache. Data stored in databases can be migrated by using the database's own native tools or by using [AWS Database Migration Service](https://aws.amazon.com/dms/) (AWS DMS). AWS DMS also provides the change data capture (CDC) option to replicate ongoing changes from a source data store until cutover.
@@ -53 +53 @@ Data stored in file systems can be migrated to AWS using various [tools](https:/
-AWS provides its own monitoring and operational data logging and visualizing service called Amazon CloudWatch. A CloudWatch agent can be packed into the container along with the application to use this service.
+AWS provides its own monitoring and operational data logging and visualizing service called [Amazon CloudWatch](https://aws.amazon.com/cloudwatch/). A CloudWatch agent can be packed into the container along with the application to use this service.
@@ -55 +55 @@ AWS provides its own monitoring and operational data logging and visualizing ser
-For organizations where source code is not available or not maintainable, App2Container is a great fit for containerization because it operates on the application’s runtime environment and doesn’t require the source code.
+For organizations where source code is not available or not maintainable, App2Container is a great fit for containerization because it operates on the application's runtime environment and doesn't require the source code. 
@@ -65 +65 @@ Introduction
-Prerequisites
+Prerequisites and setup