AWS AWSCloudFormation documentation change
Summary
Clarified certificate import parameters and default date behavior for certificate activation/inactivation
Security assessment
The changes improve documentation around certificate management (a security feature) by clarifying parameter usage and default values, but there is no evidence of addressing a specific security vulnerability.
Diff
diff --git a/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-certificate.md b/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-certificate.md index 6f8521674..bcc0b04fd 100644 --- a/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-certificate.md +++ b/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-certificate.md @@ -8,0 +9,6 @@ Imports the signing and encryption certificates that you need to create local (A +You can import both the certificate and its chain in the `Certificate` parameter. + +###### Note + +If you use the `Certificate` parameter to upload both the certificate and its chain, don't use the `CertificateChain` parameter. + @@ -52 +58 @@ To declare this entity in your AWS CloudFormation template, use the following sy -An optional date that specifies when the certificate becomes active. +An optional date that specifies when the certificate becomes active. If you do not specify a value, `ActiveDate` takes the same value as `NotBeforeDate`, which is specified by the CA. @@ -114 +120 @@ _Minimum_ : `1` -An optional date that specifies when the certificate becomes inactive. +An optional date that specifies when the certificate becomes inactive. If you do not specify a value, `InactiveDate` takes the same value as `NotAfterDate`, which is specified by the CA.