AWS Security ChangesHomeSearch

AWS AWSCloudFormation medium security documentation change

Service: AWSCloudFormation · 2025-05-01 · Security-related medium

File: AWSCloudFormation/latest/UserGuide/aws-resource-ec2-clientvpnendpoint.md

Summary

Changed default value of session disconnection behavior from `false` to `true`, requiring users to manually reconnect after session timeout.

Security assessment

The default change enforces stricter session management by prompting users to reauthenticate after timeout, reducing the risk of prolonged unauthorized access. This directly impacts security posture by addressing potential session hijacking risks.

Diff

diff --git a/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-clientvpnendpoint.md b/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-clientvpnendpoint.md
index 4d6f0631b..f8129fcd8 100644
--- a//AWSCloudFormation/latest/UserGuide/aws-resource-ec2-clientvpnendpoint.md
+++ b//AWSCloudFormation/latest/UserGuide/aws-resource-ec2-clientvpnendpoint.md
@@ -155 +155 @@ _Required_ : No
-Indicates whether the client VPN session is disconnected after the maximum `sessionTimeoutHours` is reached. If `true`, users are prompted to reconnect client VPN. If `false`, client VPN attempts to reconnect automatically. The default value is `false`.
+Indicates whether the client VPN session is disconnected after the maximum `sessionTimeoutHours` is reached. If `true`, users are prompted to reconnect client VPN. If `false`, client VPN attempts to reconnect automatically. The default value is `true`.