AWS AWSCloudFormation medium security documentation change
Summary
Updated KeyStorageSecurityStandard documentation with new compliance requirements and error handling instructions
Security assessment
Changes specify updated cryptographic compliance standards (CCPC_LEVEL_1_OR_HIGHER) for CA creation in certain regions, directly addressing security compliance requirements. The update prevents InvalidArgsException errors related to security standards.
Diff
diff --git a/AWSCloudFormation/latest/UserGuide/aws-resource-acmpca-certificateauthority.md b/AWSCloudFormation/latest/UserGuide/aws-resource-acmpca-certificateauthority.md index 02ffaf248..558ff5a3b 100644 --- a//AWSCloudFormation/latest/UserGuide/aws-resource-acmpca-certificateauthority.md +++ b//AWSCloudFormation/latest/UserGuide/aws-resource-acmpca-certificateauthority.md @@ -85 +85 @@ _Required_ : Yes -Specifies a cryptographic key management compliance standard used for handling CA keys. +Specifies a cryptographic key management compliance standard for handling and protecting CA keys. @@ -91 +91 @@ Default: FIPS_140_2_LEVEL_3_OR_HIGHER -Some AWS Regions do not support the default. When creating a CA in these Regions, you must provide `FIPS_140_2_LEVEL_2_OR_HIGHER` as the argument for `KeyStorageSecurityStandard`. Failure to do this results in an `InvalidArgsException` with the message, "A certificate authority cannot be created in this region with the specified security standard." +Some AWS Regions don't support the default value. When you create a CA in these Regions, you must use `CCPC_LEVEL_1_OR_HIGHER` for the `KeyStorageSecurityStandard` parameter. If you don't, the operation returns an `InvalidArgsException` with this message: "A certificate authority cannot be created in this region with the specified security standard." @@ -93 +93 @@ Some AWS Regions do not support the default. When creating a CA in these Regions -For information about security standard support in various Regions, see [Storage and security compliance of AWS Private CA private keys](https://docs.aws.amazon.com/privateca/latest/userguide/data-protection.html#private-keys). +For information about security standard support in different AWS Regions, see [Storage and security compliance of AWS Private CA private keys](https://docs.aws.amazon.com/privateca/latest/userguide/data-protection.html#private-keys).