AWS AWSCloudFormation documentation change
Summary
Added operational notes about TrustedHostKeys handling and secret requirements for SFTP connectors
Security assessment
Documents security-adjacent configuration practices (host key verification and secret management) but does not address specific vulnerabilities
Diff
diff --git a/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-connector-sftpconfig.md b/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-connector-sftpconfig.md index 4dd141ce7..346db72e3 100644 --- a//AWSCloudFormation/latest/UserGuide/aws-properties-transfer-connector-sftpconfig.md +++ b//AWSCloudFormation/latest/UserGuide/aws-properties-transfer-connector-sftpconfig.md @@ -36,0 +37,4 @@ The public portion of the host key, or keys, that are used to identify the exter +###### Note + +`TrustedHostKeys` is optional for `CreateConnector`. If not provided, you can use `TestConnection` to retrieve the server host key during the initial connection attempt, and subsequently update the connector with the observed host key. + @@ -70,0 +75,9 @@ The identifier for the secret (in AWS Secrets Manager) that contains the SFTP us +###### Note + + * Required when creating an SFTP connector + + * Optional when updating an existing SFTP connector + + + +