AWS Security ChangesHomeSearch

AWS AWSCloudFormation documentation change

Service: AWSCloudFormation · 2025-04-11 · Documentation medium

File: AWSCloudFormation/latest/UserGuide/aws-properties-transfer-connector-sftpconfig.md

Summary

Added operational notes about TrustedHostKeys handling and secret requirements for SFTP connectors

Security assessment

Documents security-adjacent configuration practices (host key verification and secret management) but does not address specific vulnerabilities

Diff

diff --git a/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-connector-sftpconfig.md b/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-connector-sftpconfig.md
index 4dd141ce7..346db72e3 100644
--- a//AWSCloudFormation/latest/UserGuide/aws-properties-transfer-connector-sftpconfig.md
+++ b//AWSCloudFormation/latest/UserGuide/aws-properties-transfer-connector-sftpconfig.md
@@ -36,0 +37,4 @@ The public portion of the host key, or keys, that are used to identify the exter
+###### Note
+
+`TrustedHostKeys` is optional for `CreateConnector`. If not provided, you can use `TestConnection` to retrieve the server host key during the initial connection attempt, and subsequently update the connector with the observed host key.
+
@@ -70,0 +75,9 @@ The identifier for the secret (in AWS Secrets Manager) that contains the SFTP us
+###### Note
+
+  * Required when creating an SFTP connector
+
+  * Optional when updating an existing SFTP connector
+
+
+
+