AWS Security ChangesHomeSearch

AWS AWSCloudFormation documentation change

Service: AWSCloudFormation · 2025-04-01 · Documentation low

File: AWSCloudFormation/latest/UserGuide/aws-resource-transfer-certificate.md

Summary

Clarified certificate import parameters and default date behavior for certificate activation/inactivation

Security assessment

The changes improve documentation around certificate management (a security feature) by clarifying parameter usage and default values, but there is no evidence of addressing a specific security vulnerability.

Diff

diff --git a/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-certificate.md b/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-certificate.md
index 6f8521674..bcc0b04fd 100644
--- a/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-certificate.md
+++ b/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-certificate.md
@@ -8,0 +9,6 @@ Imports the signing and encryption certificates that you need to create local (A
+You can import both the certificate and its chain in the `Certificate` parameter.
+
+###### Note
+
+If you use the `Certificate` parameter to upload both the certificate and its chain, don't use the `CertificateChain` parameter.
+
@@ -52 +58 @@ To declare this entity in your AWS CloudFormation template, use the following sy
-An optional date that specifies when the certificate becomes active.
+An optional date that specifies when the certificate becomes active. If you do not specify a value, `ActiveDate` takes the same value as `NotBeforeDate`, which is specified by the CA. 
@@ -114 +120 @@ _Minimum_ : `1`
-An optional date that specifies when the certificate becomes inactive.
+An optional date that specifies when the certificate becomes inactive. If you do not specify a value, `InactiveDate` takes the same value as `NotAfterDate`, which is specified by the CA.