AWS AWSCloudFormation documentation change
Summary
Clarified encryption key requirements by specifying the secret ARN is required for static key encryption and invalid for SPEKE encryption. Abbreviated 'Amazon Resource Name' to 'ARN'.
Security assessment
The change clarifies proper encryption configuration but does not address a specific vulnerability. Enhances documentation about security-related encryption parameters.
Diff
diff --git a/AWSCloudFormation/latest/UserGuide/aws-properties-mediaconnect-flowoutput-encryption.md b/AWSCloudFormation/latest/UserGuide/aws-properties-mediaconnect-flowoutput-encryption.md index 36fad3d35..a36fc7a11 100644 --- a/AWSCloudFormation/latest/UserGuide/aws-properties-mediaconnect-flowoutput-encryption.md +++ b/AWSCloudFormation/latest/UserGuide/aws-properties-mediaconnect-flowoutput-encryption.md @@ -64 +64 @@ _Required_ : No -The Amazon Resource Name (ARN) of the role that you created during setup (when you set up MediaConnect as a trusted entity). +The ARN of the role that you created during setup (when you set up MediaConnect as a trusted entity). @@ -75 +75 @@ _Required_ : Yes -The ARN of the secret that you created in AWS Secrets Manager to store the encryption key. +The ARN of the secret that you created in AWS Secrets Manager to store the encryption key. This parameter is required for static key encryption and is not valid for SPEKE encryption.