AWS Security ChangesHomeSearch

AWS prescriptive-guidance medium security documentation change

Service: prescriptive-guidance · 2025-04-23 · Security-related medium

File: prescriptive-guidance/latest/patterns/simplify-application-authentication-with-mutual-tls-in-amazon-ecs.md

Summary

Updated curl command port from 8090 to 8080 and added note about SSL certificate validation with -k flag

Security assessment

The added note explicitly warns about disabling SSL certificate validation (-k flag) and recommends proper certificate usage. This addresses a security risk of insecure SSL/TLS configurations by educating users about validation requirements.

Diff

diff --git a/prescriptive-guidance/latest/patterns/simplify-application-authentication-with-mutual-tls-in-amazon-ecs.md b/prescriptive-guidance/latest/patterns/simplify-application-authentication-with-mutual-tls-in-amazon-ecs.md
index 56ae1e044..9524dca61 100644
--- a//prescriptive-guidance/latest/patterns/simplify-application-authentication-with-mutual-tls-in-amazon-ecs.md
+++ b//prescriptive-guidance/latest/patterns/simplify-application-authentication-with-mutual-tls-in-amazon-ecs.md
@@ -105 +105 @@ You can use AWS CodePipeline to implement a continuous integration and continuou
-  * [Amazon ECS Exec](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-exec.html) allows you to directly interact with containers without needing to first interact with the host container operating system, open inbound ports, or manage SSH keys. You can use ECS Exec to run commands in or get a shell to a container running on an Amazon EC2 instance or on AWS Fargate.
+  * [Amazon ECS Exec](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-exec.html) allows you to directly interact with containers without needing to first interact with the host container operating system, open inbound ports, or manage SSH keys. You can use ECS Exec to run commands in, or get a shell to, a container running on an Amazon EC2 instance or on AWS Fargate.
@@ -429 +429,3 @@ Test your application.| To test your application, use ECS Exec to access the tas
-        curl -kvs https://<internal-alb-url>:8090 --key /usr/local/share/ca-certificates/client.key --cert /usr/local/share/ca-certificates/client.crt
+        curl -kvs https://<internal-alb-url>:8080 --key /usr/local/share/ca-certificates/client.key --cert /usr/local/share/ca-certificates/client.crt
+
+###### Note
@@ -430,0 +433 @@ Test your application.| To test your application, use ECS Exec to access the tas
+The `-k` flag in the curl commands (as part of `-kvs`) disables SSL certificate validation. You can remove this flag when using an SSL certificate that matches your domain name, enabling proper certificate validation.