AWS prescriptive-guidance documentation change
Summary
Minor wording changes and formatting adjustments in security recommendations section
Security assessment
Changes include grammatical tweaks ('having to' -> 'needing to') and bold formatting for service names. The content maintains existing security recommendations about OIDC federation and monitoring tools without introducing new security features or addressing specific vulnerabilities. The security-related content was already present in previous version.
Diff
diff --git a/prescriptive-guidance/latest/terraform-aws-provider-best-practices/security.md b/prescriptive-guidance/latest/terraform-aws-provider-best-practices/security.md index 307adb790..d2a6c0980 100644 --- a//prescriptive-guidance/latest/terraform-aws-provider-best-practices/security.md +++ b//prescriptive-guidance/latest/terraform-aws-provider-best-practices/security.md @@ -166 +166 @@ Use the [OpenID Connect (OIDC) standard to federate GitHub Actions identity thro -Use the [OIDC standard to federate GitLab identities through IAM](https://docs.gitlab.com/ee/ci/cloud_services/aws/) for temporary access. By relying on OIDC, you avoid having to directly manage long-term AWS access keys within GitLab. Credentials are exchanged just-in-time, which improves security. Users also gain least privilege access according to the permissions in the IAM role. +Use the [OIDC standard to federate GitLab identities through IAM](https://docs.gitlab.com/ee/ci/cloud_services/aws/) for temporary access. By relying on OIDC, you avoid needing to directly manage long-term AWS access keys within GitLab. Credentials are exchanged just-in-time, which improves security. Users also gain least privilege access according to the permissions in the IAM role. @@ -192 +192 @@ AWS provides several services and features that you can use to set up alerts and - * [AWS Config](https://aws.amazon.com/config/): You can use AWS Config rules to evaluate the configuration settings of your AWS resources, including IAM access keys. You can create custom rules to check for specific conditions, such as unused access keys that are older than a specific number of days. When a rule is violated, AWS Config can start an evaluation for remediation or send notifications to an Amazon Simple Notification Service (Amazon SNS) topic. + * [**AWS Config**](https://aws.amazon.com/config/): You can use AWS Config rules to evaluate the configuration settings of your AWS resources, including IAM access keys. You can create custom rules to check for specific conditions, such as unused access keys that are older than a specific number of days. When a rule is violated, AWS Config can start an evaluation for remediation or send notifications to an Amazon Simple Notification Service (Amazon SNS) topic. @@ -194 +194 @@ AWS provides several services and features that you can use to set up alerts and - * [AWS Security Hub CSPM](https://aws.amazon.com/security-hub/): Security Hub CSPM provides a comprehensive view of your AWS account's security posture and can help detect and notify you about potential security issues, including unused or inactive IAM access keys. Security Hub CSPM can integrate with Amazon EventBridge and Amazon SNS or Amazon Q Developer in chat applications to send notifications to administrators. + * [**AWS Security Hub CSPM**](https://aws.amazon.com/security-hub/): Security Hub CSPM provides a comprehensive view of your AWS account's security posture and can help detect and notify you about potential security issues, including unused or inactive IAM access keys. Security Hub CSPM can integrate with Amazon EventBridge and Amazon SNS or Amazon Q Developer in chat applications to send notifications to administrators. @@ -196 +196 @@ AWS provides several services and features that you can use to set up alerts and - * [AWS Lambda](https://aws.amazon.com/lambda/): Lambda functions can be called by various events, including Amazon CloudWatch Events or AWS Config rules. You can write custom Lambda functions to evaluate IAM access key usage, perform additional checks, and send notifications by using services such as Amazon SNS or Amazon Q Developer in chat applications. + * [**AWS Lambda**](https://aws.amazon.com/lambda/): Lambda functions can be called by various events, including Amazon CloudWatch Events or AWS Config rules. You can write custom Lambda functions to evaluate IAM access key usage, perform additional checks, and send notifications by using services such as Amazon SNS or Amazon Q Developer in chat applications.