Re: Changes to Server product policy
On Thu, Aug 04, 2022 at 10:13:05AM +0000, 'Amazon Web Services, Inc.' via Debian cloud accounts wrote:
> We are writing to inform you of policy changes to Server products.
>
> As of 8/1/22, we have published new requirements regarding usage instruction content, as well as additional requirements for the architecture diagram for CloudFormation products. The new requirements will be effective starting on 9/1/22.
The new policy is:
----
When creating usage instructions for your product, you must include the following information:
Location of all sensitive information saved by customers
Explain all data encryption configuration
Step-by-step instructions for rotating programmatic system credentials and cryptographic keys. The AMI security policies explain the basic requirements for listings that use credentials and cryptographic keys.
Provide detailed instructions on how the user interacts with your application to decrypt necessary data if your application makes use of any encryption techniques
Step-by-step instructions for how to assess and monitor the health and proper function of the application. For example:
Navigate to your Amazon EC2 console
and verify that you're in the correct region.
Choose Instance and select your launched instance.
Select the server to display your metadata page and choose the Status checks tab at the bottom of the page to review if your status checks passed or failed.
---
Our existing usage instructions in the AWS Marketplace aren't great
anyway, so I'll take a stab at a full rewrite in compliance with this
policy.
noah
Reply to: