FAQ-000836 - External Platform Security / External Platform Hosting and AWS


Current FAQ

Question
What documentation is required for AWS integrations during security review?
Answer
For AWS integrations during the AppExchange security review, you need to provide:

1. **Detailed Solution Documentation**: Include user documentation for your solution.
2. **Architecture Diagrams or Descriptions**: Clearly outline how AWS is integrated into your solution.
3. **Security Scan Reports**: Submit reports from security scans of your solution.
4. **Access to Environments**: Provide access to all environments, packages, and external components, including external web applications or services.
5. **False-Positive Documentation**: If applicable, include documentation for any flagged issues that are false positives, ensuring all issues are either resolved or documented.

This documentation ensures a smooth review process.

AI Recommended Enhancement

Related Security Rules

ApexSuggestUsingNamedCred, AvoidHardcodedCredentialsInFieldDecls, AvoidHardcodedCredentialsInHttpHeader, AvoidHardcodedCredentialsInVarAssign, AvoidHardcodedCredentialsInVarDecls, ApexInsecureEndpoint, AvoidInsecureHttpRemoteSiteSetting, UseHttpsCallbackUrlConnectedApp
Question
What documentation is required for AWS integrations during security review?
Recommended Answer Update
For AWS integrations during the AppExchange security review, you need to provide:

1. **Detailed Solution Documentation**: Include user documentation for your solution.
2. **Architecture Diagrams or Descriptions**: Clearly outline how AWS is integrated into your solution.
3. **Security Scan Reports**: Submit reports from security scans of your solution.
4. **Access to Environments**: Provide access to all environments, packages, and external components, including external web applications or services.
5. **False-Positive Documentation**: If applicable, include documentation for any flagged issues that are false positives, ensuring all issues are either resolved or documented.

This documentation ensures a smooth review process.
Reasoning
The FAQ content is clear and complete, covering the essential documentation requirements for AWS integrations during AppExchange security review. No significant content changes are needed as the information is accurate and well-structured. The related security rules are relevant because AWS integrations commonly involve: external API calls requiring secure credential management (ApexSuggestUsingNamedCred, AvoidHardcodedCredentialsInFieldDecls, AvoidHardcodedCredentialsInHttpHeader, AvoidHardcodedCredentialsInVarAssign, AvoidHardcodedCredentialsInVarDecls), secure endpoint configuration (ApexInsecureEndpoint, AvoidInsecureHttpRemoteSiteSetting), and HTTPS callback URLs for OAuth flows (UseHttpsCallbackUrlConnectedApp). These rules directly apply to the technical implementation aspects that would be documented and reviewed as part of the AWS integration architecture and security scan reports mentioned in points 2 and 3 of the FAQ.
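The credential and endpoint patterns that the related rule names describe, shown beside a Named Credential callout, as an added example that is not part of the original FAQ or any Salesforce-provided code. The class name, the host `aws-api.example.com`, the key value and the Named Credential `AWS_Inventory_API` are hypothetical.

```apex
// Added example. All names, URLs and values below are constructed for illustration.
public with sharing class AwsInventoryClient {

    public class AwsCalloutException extends Exception {}

    // BEFORE: the patterns the hardcoded-credential and insecure-endpoint
    // rule names refer to. Kept only to show what a scan would surface.
    public static HttpResponse fetchItemsFlagged() {
        // Secret embedded in source: visible to anyone with package or repo access.
        String apiKey = 'CONSTRUCTED-PLACEHOLDER-KEY';
        HttpRequest req = new HttpRequest();
        // Plain HTTP: the request and the key travel unencrypted.
        req.setEndpoint('http://aws-api.example.com/v1/items');
        req.setMethod('GET');
        // Credential attached to the request header by application code.
        req.setHeader('x-api-key', apiKey);
        return new Http().send(req);
    }

    // AFTER: the endpoint URL and the authentication material live in a
    // Named Credential (assumed here to be named AWS_Inventory_API and to
    // point at an HTTPS URL). Apex references it by name only, so no secret
    // or host appears in code, and no Remote Site Setting is needed.
    public static HttpResponse fetchItems() {
        HttpRequest req = new HttpRequest();
        req.setEndpoint('callout:AWS_Inventory_API/v1/items');
        req.setMethod('GET');
        req.setTimeout(10000); // milliseconds
        HttpResponse res = new Http().send(req);

        // Fail closed on non-2xx responses instead of passing them to callers.
        Integer status = res.getStatusCode();
        if (status < 200 || status >= 300) {
            throw new AwsCalloutException('AWS callout failed with status ' + status);
        }
        return res;
    }
}
```

The architecture description in point 2 can then name the Named Credential and the AWS endpoint it fronts, which gives the reviewer one place to check the transport and authentication settings.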
Reasoning References