AWS prescriptive-guidance documentation change
Summary
Removed survey link, updated image paths, and removed reference to AWS WAF Classic rules in Firewall Manager description
Security assessment
The changes are primarily cosmetic (image path updates and survey removal) and one service reference update. Removing 'AWS WAF Classic rules' from Firewall Manager capabilities reflects service evolution, not a security vulnerability. No CVE, vulnerability disclosure, or security advisory is referenced in the changes.
Diff
diff --git a/prescriptive-guidance/latest/security-reference-architecture/security-services.md b/prescriptive-guidance/latest/security-reference-architecture/security-services.md index 5e2a164af..2e95cd132 100644 --- a//prescriptive-guidance/latest/security-reference-architecture/security-services.md +++ b//prescriptive-guidance/latest/security-reference-architecture/security-services.md @@ -11,3 +10,0 @@ Organization-wide or multiple accountsAWS accountsVirtual network, compute, and -Influence the future of the AWS Security Reference Architecture (AWS SRA) by taking a [short survey](https://amazonmr.au1.qualtrics.com/jfe/form/SV_e3XI1t37KMHU2ua). ---- - @@ -18 +15 @@ As a complement to this functional view, you can also view your security with a - + @@ -26 +23 @@ For clarity, we provide brief descriptions of how some of the services fit the s -At the top level, there are AWS services and features that are designed to apply governance and control capabilities or guardrails across multiple accounts in an AWS organization (including the entire organization or specific OUs). Service control policies (SCPs) and resource control policies (RCPs) are good examples of IAM features that provide preventative, AWS organization-wide guardrails. AWS Organizations also provides a declarative policy that centrally defines and enforces the baseline configuration for AWS services at scale. Another example is CloudTrail, which provides monitoring through an _organization trail_ that logs all events for all AWS accounts in that AWS organization. This comprehensive trail is distinct from individual trails that might be created in each account. A third example is AWS Firewall Manager, which you can use to configure, apply, and manage multiple resources across all accounts in your AWS organization: AWS WAF rules, AWS WAF Classic rules, AWS Shield Advanced protections, Amazon Virtual Private Cloud (Amazon VPC) security groups, AWS Network Firewall policies, and Amazon Route 53 Resolver DNS Firewall policies. +At the top level, there are AWS services and features that are designed to apply governance and control capabilities or guardrails across multiple accounts in an AWS organization (including the entire organization or specific OUs). Service control policies (SCPs) and resource control policies (RCPs) are good examples of IAM features that provide preventative, AWS organization-wide guardrails. AWS Organizations also provides a declarative policy that centrally defines and enforces the baseline configuration for AWS services at scale. Another example is CloudTrail, which provides monitoring through an _organization trail_ that logs all events for all AWS accounts in that AWS organization. This comprehensive trail is distinct from individual trails that might be created in each account. A third example is AWS Firewall Manager, which you can use to configure, apply, and manage multiple resources across all accounts in your AWS organization: AWS WAF rules, AWS Shield Advanced protections, Amazon Virtual Private Cloud (Amazon VPC) security groups, AWS Network Firewall policies, and Amazon Route 53 Resolver DNS Firewall policies. @@ -30 +27 @@ The services marked with an asterisk (*) in the following diagram operate with a - + @@ -36 +33 @@ Within OUs, there are services that help protect multiple types of elements with - + @@ -42 +39 @@ Because network access is so critical in security, and compute infrastructure is - + @@ -58 +55 @@ The following diagram illustrates AWS security services and features for AWS pri - + @@ -62 +59 @@ The following diagram illustrates services and features for account resources. R - +