AWS prescriptive-guidance documentation change
Summary
Updated GitHub sample link, corrected image path, fixed service name reference, and apostrophe typo
Security assessment
Changes involve URL updates, image path corrections, and service name standardization ('Security Hub CSPM' to 'Security Hub'). No security vulnerabilities are addressed; existing security service references remain functionally unchanged.
Diff
diff --git a/prescriptive-guidance/latest/ou-structure-landing-zone/phase-1.md b/prescriptive-guidance/latest/ou-structure-landing-zone/phase-1.md index 987de1613..71216136e 100644 --- a//prescriptive-guidance/latest/ou-structure-landing-zone/phase-1.md +++ b//prescriptive-guidance/latest/ou-structure-landing-zone/phase-1.md @@ -11 +11 @@ Architecture designSecurity OUInfrastructure Platform OUAdditional OUs -For the multinational pharmaceutical company in our example, the initial design of the organizations and OUs in AWS Organizations closely followed AWS recommendations for setting up AWS Control Tower. For an example, see the [Landing Zone Accelerator on AWS for Healthcare](https://github.com/aws-samples/landing-zone-accelerator-on-aws-for-healthcare). AWS Control Tower initially provisioned a simple OU structure with common foundational OUs, as described in the blog post [Best Practices for Organizational Units with AWS Organizations](https://aws.amazon.com/blogs/mt/best-practices-for-organizational-units-with-aws-organizations/?org_product_gs_bp_OUBlog), including the Security OU, the Platform Infrastructure OU, and company-specific OUs. +For the multinational pharmaceutical company in our example, the initial design of the organizations and OUs in AWS Organizations closely followed AWS recommendations for setting up AWS Control Tower. For an example, see the [Landing Zone Accelerator on AWS for Healthcare](https://github.com/awslabs/landing-zone-accelerator-on-aws/tree/main/reference/sample-configurations/lza-sample-config-healthcare). AWS Control Tower initially provisioned a simple OU structure with common foundational OUs, as described in the blog post [Best Practices for Organizational Units with AWS Organizations](https://aws.amazon.com/blogs/mt/best-practices-for-organizational-units-with-aws-organizations/?org_product_gs_bp_OUBlog), including the Security OU, the Platform Infrastructure OU, and company-specific OUs. @@ -17 +17 @@ The following diagram shows the initial OU architecture. - + @@ -21 +21 @@ The following diagram shows the initial OU architecture. -The Security OU broadly groups AWS accounts related to security functionality together and uses two accounts (Audit and Log Archive) to store security operational data for central logging and auditing access to the environment. AWS core security services such as Amazon GuardDuty and AWS Security Hub CSPM reside in the Audit account. +The Security OU broadly groups AWS accounts related to security functionality together and uses two accounts (Audit and Log Archive) to store security operational data for central logging and auditing access to the environment. AWS core security services such as Amazon GuardDuty and AWS Security Hub reside in the Audit account. @@ -39 +39 @@ Several considerations drove this initial design: - * Workload automation was part of each application’s ecosystem and did not need separation. + * Workload automation was part of each application's ecosystem and did not need separation.