AWS AWSCloudFormation medium security documentation change
Summary
Changed default value of session disconnection behavior from `false` to `true`, requiring users to manually reconnect after session timeout.
Security assessment
The default change enforces stricter session management by prompting users to reauthenticate after timeout, reducing the risk of prolonged unauthorized access. This directly impacts security posture by addressing potential session hijacking risks.
Diff
diff --git a/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-clientvpnendpoint.md b/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-clientvpnendpoint.md index 4d6f0631b..f8129fcd8 100644 --- a//AWSCloudFormation/latest/UserGuide/aws-resource-ec2-clientvpnendpoint.md +++ b//AWSCloudFormation/latest/UserGuide/aws-resource-ec2-clientvpnendpoint.md @@ -155 +155 @@ _Required_ : No -Indicates whether the client VPN session is disconnected after the maximum `sessionTimeoutHours` is reached. If `true`, users are prompted to reconnect client VPN. If `false`, client VPN attempts to reconnect automatically. The default value is `false`. +Indicates whether the client VPN session is disconnected after the maximum `sessionTimeoutHours` is reached. If `true`, users are prompted to reconnect client VPN. If `false`, client VPN attempts to reconnect automatically. The default value is `true`.