AWS AWSCloudFormation documentation change
Summary
Clarified secret ARN usage requirements for static key vs SPEKE encryption
Security assessment
Explicitly documents when secret ARN is required for encryption configuration, enhancing clarity around existing security feature usage. No vulnerability addressed.
Diff
diff --git a/AWSCloudFormation/latest/UserGuide/aws-properties-mediaconnect-flowentitlement-encryption.md b/AWSCloudFormation/latest/UserGuide/aws-properties-mediaconnect-flowentitlement-encryption.md index 6dec2aa12..6e42db63b 100644 --- a/AWSCloudFormation/latest/UserGuide/aws-properties-mediaconnect-flowentitlement-encryption.md +++ b/AWSCloudFormation/latest/UserGuide/aws-properties-mediaconnect-flowentitlement-encryption.md @@ -118 +118 @@ _Required_ : No -The Amazon Resource Name (ARN) of the role that you created during setup (when you set up MediaConnect as a trusted entity). +The ARN of the role that you created during setup (when you set up MediaConnect as a trusted entity). @@ -129 +129 @@ _Required_ : Yes -The ARN of the secret that you created in AWS Secrets Manager to store the encryption key. +The ARN of the secret that you created in AWS Secrets Manager to store the encryption key. This parameter is required for static key encryption and is not valid for SPEKE encryption.