AWS prescriptive-guidance documentation change
Summary
Updated image paths, reformatted headings, and modified text descriptions for network access options. Added asterisks to 'Public internet access' phrase.
Security assessment
Changes involve formatting improvements and image path updates without introducing new security content. The existing security recommendation for public internet access (using AWS WAF and encryption) remains unchanged.
Diff
diff --git a/prescriptive-guidance/latest/saas-network-access-options/options-onprem.md b/prescriptive-guidance/latest/saas-network-access-options/options-onprem.md index f3bc5e429..55807c64e 100644 --- a//prescriptive-guidance/latest/saas-network-access-options/options-onprem.md +++ b//prescriptive-guidance/latest/saas-network-access-options/options-onprem.md @@ -7 +7 @@ -AWS Site-to-Site VPNAWS Direct ConnectTransit VPC architecturePublic internet +Connecting with AWS Site-to-Site VPNConnecting with AWS Direct ConnectConnecting with a transit VPC architectureConnecting through the public internet @@ -13 +13 @@ This section discusses connectivity options between SaaS workloads in the AWS Cl -###### This section discusses the following network access approaches: +**This section discusses the following network access approaches:** @@ -32 +32 @@ The provider-managed transit VPC option is excluded because the scores heavily d - + @@ -60 +60 @@ The following diagram shows this architecture. - + @@ -110 +110 @@ The following diagram shows this architecture. - + @@ -166 +166 @@ Consumers can connect using one to four Direct Connect connections from a total - + @@ -208 +208 @@ In this approach, the SaaS provider leaves management of the transit VPCs up to - + @@ -236 +236 @@ This approach uses the same technologies, but the account boundaries and respons - + @@ -260 +260 @@ The following are the drawbacks of this approach: -Public internet access is also a valid option for providing access to a SaaS offering, although it does not offer private connectivity in the traditional sense. Some consumers might still prefer a public access approach because it requires no additional networking infrastructure between them and the SaaS provider. It reduces complexity, cost, and integration time in exchange for an increased attack surface. Strong authentication and authorization mechanisms can help mitigate the increased threat level, and you should always encrypt traffic. It is still recommended that you have an additional layer of security in this scenario, such as by using [AWS WAF](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html). +Public internet access**** is also a valid option for providing access to a SaaS offering, although it does not offer private connectivity in the traditional sense. Some consumers might still prefer a public access approach because it requires no additional networking infrastructure between them and the SaaS provider. It reduces complexity, cost, and integration time in exchange for an increased attack surface. Strong authentication and authorization mechanisms can help mitigate the increased threat level, and you should always encrypt traffic. It is still recommended that you have an additional layer of security in this scenario, such as by using [AWS WAF](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html). @@ -264 +264 @@ The architecture in this scenario is straightforward. The consumer connects to a - +