On Thu, Aug 04, 2022 at 10:13:05AM +0000, 'Amazon Web Services, Inc.' via
Debian cloud accounts wrote:
> We are writing to inform you of policy changes to Server products.
>
> As of 8/1/22, we have published new requirements regarding usage instruction
> content, as well as additional requirements for the architecture diagram for
> CloudFormation products. The new requirements will be effective starting on
> 9/1/22.
The new policy is:
----
When creating usage instructions for your product, you must include the
following information:
Location of all sensitive information saved by customers
Explain all data encryption configuration
Step-by-step instructions for rotating programmatic system credentials and
cryptographic keys. The AMI security policies explain the basic requirements
for listings that use credentials and cryptographic keys.
Provide detailed instructions on how the user interacts with your
application to decrypt necessary data if your application makes use of any
encryption techniques
Step-by-step instructions for how to assess and monitor the health and
proper function of the application. For example:
Navigate to your Amazon EC2 console
and verify that you're in the correct region.
Choose Instance and select your launched instance.
Select the server to display your metadata page and choose the Status checks
tab at the bottom of the page to review if your status checks passed or failed.
---
Our existing usage instructions in the AWS Marketplace aren't great
anyway, so I'll take a stab at a full rewrite in compliance with this
policy.
noah
