AWS Security ChangesHomeSearch

AWS AWSCloudFormation documentation change

Service: AWSCloudFormation · 2025-04-14 · Documentation low

File: AWSCloudFormation/latest/UserGuide/aws-properties-msk-cluster-clientauthentication.md

Summary

Added detailed requirements for SASL client authentication including encryption in transit dependencies and TLS settings

Security assessment

Clarifies security configuration requirements but does not address a specific vulnerability

Diff

diff --git a/AWSCloudFormation/latest/UserGuide/aws-properties-msk-cluster-clientauthentication.md b/AWSCloudFormation/latest/UserGuide/aws-properties-msk-cluster-clientauthentication.md
index 09cff7501..f1844f4d5 100644
--- a//AWSCloudFormation/latest/UserGuide/aws-properties-msk-cluster-clientauthentication.md
+++ b//AWSCloudFormation/latest/UserGuide/aws-properties-msk-cluster-clientauthentication.md
@@ -39 +39 @@ To declare this entity in your AWS CloudFormation template, use the following sy
-Property description not available.
+Details for client authentication using SASL. To turn on SASL, you must also turn on `EncryptionInTransit` by setting `inCluster` to true. You must set `clientBroker` to either `TLS` or `TLS_PLAINTEXT`. If you choose `TLS_PLAINTEXT`, then you must also set `unauthenticated` to true.
@@ -50 +50 @@ _Required_ : No
-Property description not available.
+Details for ClientAuthentication using TLS. To turn on TLS access control, you must also turn on `EncryptionInTransit` by setting `inCluster` to true and `clientBroker` to `TLS`.
@@ -61 +61 @@ _Required_ : No
-Property description not available.
+Details for ClientAuthentication using no authentication.