aws-samples
diff --git a/‎service_specific_guidance/accessanalyzer-specific-guidance.md‎
Lines changed: 22 additions & 54 deletions b/‎service_specific_guidance/accessanalyzer-specific-guidance.md‎
Lines changed: 22 additions & 54 deletions
diff --git a/‎service_specific_guidance/acm-pca-specific-guidance.md‎
Lines changed: 13 additions & 35 deletions b/‎service_specific_guidance/acm-pca-specific-guidance.md‎
Lines changed: 13 additions & 35 deletions
diff --git a/‎service_specific_guidance/acm-specific-guidance.md‎
Lines changed: 10 additions & 29 deletions b/‎service_specific_guidance/acm-specific-guidance.md‎
Lines changed: 10 additions & 29 deletions
diff --git a/‎service_specific_guidance/amp-specific-guidance.md‎
Lines changed: 15 additions & 39 deletions b/‎service_specific_guidance/amp-specific-guidance.md‎
Lines changed: 15 additions & 39 deletions
@@ -24,72 +24,40 @@ The following table specifies whether additional considerations apply to a speci
 
 **List of service APIs reviewed against data perimeter control objectives**
 
-* CreateAnalyzer
-
-* ListAnalyzers
-
+* ApplyArchiveRule
+* CancelPolicyGeneration
+* CheckAccessNotGranted
+* CheckNoNewAccess
+* CheckNoPublicAccess
 * CreateAccessPreview
-
+* CreateAnalyzer
 * CreateArchiveRule
-
-* StartPolicyGeneration
-
-* ListFindings
-
-* ListFindingsV2
-
-* StartResourceScan
-
+* DeleteAnalyzer
+* DeleteArchiveRule
 * GenerateFindingRecommendation
-
-* ApplyArchiveRule
-
-* TagResource
-
-* UpdateArchiveRule
-
-* UpdateFindings
-
-* ListAccessPreviewFindings
-
-* ListAccessPreviews
-
-* ListAnalyzedResources
-
-* ListArchiveRules
-
-* ListPolicyGenerations
-
-* ListTagsForResource
-
 * GetAccessPreview
-
 * GetAnalyzedResource
-
 * GetAnalyzer
-
 * GetArchiveRule
-
 * GetFinding
-
 * GetFindingV2
-
 * GetGeneratedPolicy
-
+* ListAccessPreviewFindings
+* ListAccessPreviews
+* ListAnalyzedResources
+* ListAnalyzers
+* ListArchiveRules
+* ListFindings
+* ListFindingsV2
+* ListPolicyGenerations
+* ListTagsForResource
+* StartPolicyGeneration
+* StartResourceScan
+* TagResource
 * UntagResource
-
-* CancelPolicyGeneration
-
-* CheckNoNewAccess
-
+* UpdateArchiveRule
+* UpdateFindings
 * ValidatePolicy
 
-* CheckAccessNotGranted
-
-* CheckNoPublicAccess
-
-* DeleteArchiveRule
-
-* DeleteAnalyzer
 
 
@@ -38,46 +38,24 @@ If you want to restrict access to trusted resources, consider implementing these
 
 **List of service APIs reviewed against data perimeter control objectives**
 
-* CreateCertificateAuthorityAuditReport
-
 * CreateCertificateAuthority
-
+* CreateCertificateAuthorityAuditReport
 * CreatePermission
-
-* PutPolicy
-
-* TagCertificateAuthority
-
-* UpdateCertificateAuthority
-
-* ListCertificateAuthorities
-
-* ListPermissions
-
-* ListTags
-
+* DeleteCertificateAuthority
+* DeletePermission
+* DeletePolicy
+* DescribeCertificateAuthority
+* DescribeCertificateAuthorityAuditReport
 * GetCertificate
-
 * GetCertificateAuthorityCertificate
-
 * GetCertificateAuthorityCsr
-
 * GetPolicy
-
-* DescribeCertificateAuthority
-
-* DescribeCertificateAuthorityAuditReport
-
+* IssueCertificate
+* ListCertificateAuthorities
+* ListPermissions
+* ListTags
+* PutPolicy
 * RestoreCertificateAuthority
-
+* TagCertificateAuthority
 * UntagCertificateAuthority
-
-* IssueCertificate
-
-* DeletePermission
-
-* DeletePolicy
-
-* DeleteCertificateAuthority
-
-
+* UpdateCertificateAuthority
@@ -35,38 +35,19 @@ If you want to restrict access to your networks to trusted identities and truste
 * **Preventative control example 2**: Consider using your existing security appliances such as outbound proxies to inspect service API calls in your environment for the identities making the calls and resources being accessed, and restrict the calls accordingly. This type of solution might have implications for security, scalability, latency, and reliability that you should evaluate carefully.
 
 
-
-
-
-
 **List of service APIs reviewed against data perimeter control objectives**
 
-* ImportCertificate
-
-* RequestCertificate
-
-* ExportCertificate
-
-* PutAccountConfiguration
-
 * AddTagsToCertificate
-
-* UpdateCertificateOptions
-
-* ListCertificates
-
-* ListTagsForCertificate
-
+* DeleteCertificate
+* DescribeCertificate
+* ExportCertificate
 * GetAccountConfiguration
-
 * GetCertificate
-
-* DescribeCertificate
-
-* RenewCertificate
-
+* ImportCertificate
+* ListCertificates
+* ListTagsForCertificate
+* PutAccountConfiguration
 * RemoveTagsFromCertificate
-
-* DeleteCertificate
-
-
+* RenewCertificate
+* RequestCertificate
+* UpdateCertificateOptions
@@ -19,52 +19,28 @@ The following table specifies whether additional considerations apply to a speci
 | Network perimeter | My resources can be accessed only from expected networks | Resource | RCP | N |
 
 *Y – Additional considerations apply. N – No additional considerations apply.
- 
 
 **List of service APIs reviewed against data perimeter control objectives**
 
-* ListWorkspaces
-
-* ListScrapers
-
-* CreateWorkspace
-
-* CreateRuleGroupsNamespace
-
-* PutRuleGroupsNamespace
-
 * CreateLoggingConfiguration
-
+* CreateRuleGroupsNamespace
 * CreateScraper
-
-* TagResource
-
-* UpdateLoggingConfiguration
-
-* UpdateWorkspaceAlias
-
-* ListRuleGroupsNamespaces
-
-* ListTagsForResource
-
-* GetDefaultScraperConfiguration
-
+* CreateWorkspace
+* DeleteLoggingConfiguration
+* DeleteRuleGroupsNamespace
+* DeleteScraper
+* DeleteWorkspace
 * DescribeLoggingConfiguration
-
 * DescribeRuleGroupsNamespace
-
 * DescribeScraper
-
 * DescribeWorkspace
-
+* GetDefaultScraperConfiguration
+* ListRuleGroupsNamespaces
+* ListScrapers
+* ListTagsForResource
+* ListWorkspaces
+* PutRuleGroupsNamespace
+* TagResource
 * UntagResource
-
-* DeleteLoggingConfiguration
-
-* DeleteRuleGroupsNamespace
-
-* DeleteScraper
-
-* DeleteWorkspace
-
-
+* UpdateLoggingConfiguration
+* UpdateWorkspaceAlias