AWS AWSCloudFormation documentation change
Summary
Added documentation for certificate transparency logging options and HTTP validation token serving methods for CloudFront managed ACM certificates.
Security assessment
The changes clarify security-related configurations (certificate transparency logging and validation methods) but do not address a specific security vulnerability. These are routine documentation improvements for existing security features.
Diff
diff --git a/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distributiontenant-managedcertificaterequest.md b/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distributiontenant-managedcertificaterequest.md index 08e942730..27cdac20e 100644 --- a//AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distributiontenant-managedcertificaterequest.md +++ b//AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distributiontenant-managedcertificaterequest.md @@ -7 +7 @@ SyntaxProperties -The `ManagedCertificateRequest` property type specifies Property description not available. for an [AWS::CloudFront::DistributionTenant](./aws-resource-cloudfront-distributiontenant.html). +An object that represents the request for the Amazon CloudFront managed ACM certificate. @@ -36 +36 @@ To declare this entity in your AWS CloudFormation template, use the following sy -Property description not available. +You can opt out of certificate transparency logging by specifying the `disabled` option. Opt in by specifying `enabled`. For more information, see [Certificate Transparency Logging ](https://docs.aws.amazon.com/acm/latest/userguide/acm-concepts.html#concept-transparency) in the _AWS Certificate Manager User Guide_. @@ -49 +49 @@ _Required_ : No -Property description not available. +The primary domain name associated with the CloudFront managed ACM certificate. @@ -60 +60,8 @@ _Required_ : No -Property description not available. +Specify how the HTTP validation token will be served when requesting the CloudFront managed ACM certificate. + + * For `cloudfront`, CloudFront will automatically serve the validation token. Choose this mode if you can point the domain's DNS to CloudFront immediately. + + * For `self-hosted`, you serve the validation token from your existing infrastructure. Choose this mode when you need to maintain current traffic flow while your certificate is being issued. You can place the validation token at the well-known path on your existing web server, wait for ACM to validate and issue the certificate, and then update your DNS to point to CloudFront. + + +