AWS Security ChangesHomeSearch

AWS prescriptive-guidance documentation change

Service: prescriptive-guidance · 2026-07-10 · Documentation low

File: prescriptive-guidance/latest/strategy-aws-semicon-workloads/prevent-unauthorized-access.md

Summary

Updated document title formatting, fixed apostrophe usage, standardized AWS Network Firewall references, updated Squid proxy link to HTTPS, and modified section headings for consistency

Security assessment

Changes are primarily editorial improvements and formatting updates. The HTTPS update for Squid link improves security hygiene but doesn't address a specific vulnerability. No new security features or vulnerability mitigations were documented.

Diff

diff --git a/prescriptive-guidance/latest/strategy-aws-semicon-workloads/prevent-unauthorized-access.md b/prescriptive-guidance/latest/strategy-aws-semicon-workloads/prevent-unauthorized-access.md
index 15e4ee00b..5d9fe13c4 100644
--- a//prescriptive-guidance/latest/strategy-aws-semicon-workloads/prevent-unauthorized-access.md
+++ b//prescriptive-guidance/latest/strategy-aws-semicon-workloads/prevent-unauthorized-access.md
@@ -5 +5 @@
-[Documentation](/index.html)[AWS Prescriptive Guidance](https://aws.amazon.com/prescriptive-guidance/)[Strategy for securing semiconductor development environments on AWS](introduction.html)
+[Documentation](/index.html)[AWS Prescriptive Guidance](https://aws.amazon.com/prescriptive-guidance/)[Securing semiconductor development environments on AWS](introduction.html)
@@ -51 +51 @@ You can also authenticate and authorize users by using [AWS Directory Service](h
-AWS provides several ways to migrate on-premises data to the cloud. It’s common to initially store the data in [Amazon Simple Storage Service (Amazon S3)](https://docs.aws.amazon.com/AmazonS3/latest/userguide/Welcome.html). Amazon S3 is a cloud-based object storage service that helps you store, protect, and retrieve any amount of data. It provides bandwidth of up to 25 Gbps when transferring data to or from an Amazon Elastic Compute Cloud (Amazon EC2) instance. It also offers cross-Region data replication and data tiering. Data stored in Amazon S3 can serve as a replication source. You can use it to create new file systems or to transfer data to EC2 instances. You can use Amazon S3 as the backend of an AWS managed, Portable Operating System Interface (POSIX)-compliant file system for semiconductor tools and flows.
+AWS provides several ways to migrate on-premises data to the cloud. It's common to initially store the data in [Amazon Simple Storage Service (Amazon S3)](https://docs.aws.amazon.com/AmazonS3/latest/userguide/Welcome.html). Amazon S3 is a cloud-based object storage service that helps you store, protect, and retrieve any amount of data. It provides bandwidth of up to 25 Gbps when transferring data to or from an Amazon Elastic Compute Cloud (Amazon EC2) instance. It also offers cross-Region data replication and data tiering. Data stored in Amazon S3 can serve as a replication source. You can use it to create new file systems or to transfer data to EC2 instances. You can use Amazon S3 as the backend of an AWS managed, Portable Operating System Interface (POSIX)-compliant file system for semiconductor tools and flows.
@@ -57 +57 @@ AWS recommends that you [define storage requirements](https://docs.aws.amazon.co
-AWS provides additional services to help control data flows, including application-aware network firewalls such as [AWS Network Firewall](https://docs.aws.amazon.com/network-firewall/latest/developerguide/what-is-aws-network-firewall.html), [Amazon Route 53 Resolver DNS Firewall](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-dns-firewall.html), [AWS WAF](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html), and web proxies. Control data flows within the environment by enforcing network segmentation with [security groups](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-security-groups.html), [network access control lists](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html), and VPC endpoints in Amazon Virtual Private Cloud (Amazon VPC), Network Firewall, [transit gateway route tables](https://docs.aws.amazon.com/vpc/latest/tgw/tgw-route-tables.html), and [service control policies (SCPs)](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html) in AWS Organizations. Centrally log all network traffic by using [VPC Flow Logs](https://docs.aws.amazon.com/prescriptive-guidance/latest/logging-monitoring-for-application-owners/vpc-flow-logs.html) and the [available fields](https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html#flow-logs-fields) from versions 2–5 of VPC Flow Logs.
+AWS provides additional services to help control data flows, including application-aware network firewalls such as [AWS Network Firewall](https://docs.aws.amazon.com/network-firewall/latest/developerguide/what-is-aws-network-firewall.html), [Amazon Route 53 Resolver DNS Firewall](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-dns-firewall.html), [AWS WAF](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html), and web proxies. Control data flows within the environment by enforcing network segmentation with [security groups](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-security-groups.html), [network access control lists](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html), and VPC endpoints in Amazon Virtual Private Cloud (Amazon VPC), AWS Network Firewall, [transit gateway route tables](https://docs.aws.amazon.com/vpc/latest/tgw/tgw-route-tables.html), and [service control policies (SCPs)](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html) in AWS Organizations. Centrally log all network traffic by using [VPC Flow Logs](https://docs.aws.amazon.com/prescriptive-guidance/latest/logging-monitoring-for-application-owners/vpc-flow-logs.html) and the [available fields](https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html#flow-logs-fields) from versions 2­–5 of VPC Flow Logs.
@@ -67 +67 @@ Encrypt data in transit by enforcing a minimum of TLS 1.2 with an industry-stand
-If the secure development environment requires internet access, then all outbound internet traffic should be logged and restricted through a network-level enforcement point, such as through Network Firewall or [Squid](http://www.squid-cache.org/Intro/), which is an open-source proxy. VPC endpoints and the internet proxy help protect against unauthorized exfiltration of data by users. This is critical to allow access to data within the secure development environment and only within the VPC.
+If the secure development environment requires internet access, then all outbound internet traffic should be logged and restricted through a network-level enforcement point, such as through AWS Network Firewall or [Squid](https://www.squid-cache.org/Intro/), which is an open-source proxy. VPC endpoints and the internet proxy help protect against unauthorized exfiltration of data by users. This is critical to allow access to data within the secure development environment and only within the VPC.
@@ -79 +79 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please
-Securing semiconductor data
+Securing semiconductor data on AWS
@@ -81 +81 @@ Securing semiconductor data
-Meeting data residency requirements
+Meeting data residency requirements on AWS