AWS Security ChangesHomeSearch

AWS AWSCloudFormation high security documentation change

Service: AWSCloudFormation · 2025-05-10 · Security-related high

File: AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-vpcorigin-vpcoriginendpointconfig.md

Summary

Added documentation for the minimum SSL/TLS protocol configuration for CloudFront origins, including valid values and a link to the developer guide

Security assessment

The change explicitly documents SSL/TLS protocol enforcement for HTTPS connections to origins, which is a security control to prevent weak cryptographic protocols. Specifying minimum protocols mitigates risks like POODLE or BEAST attacks.

Diff

diff --git a/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-vpcorigin-vpcoriginendpointconfig.md b/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-vpcorigin-vpcoriginendpointconfig.md
index 8596a4563..a5e5ac48a 100644
--- a//AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-vpcorigin-vpcoriginendpointconfig.md
+++ b//AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-vpcorigin-vpcoriginendpointconfig.md
@@ -100 +100,3 @@ _Required_ : No
-Property description not available.
+Specifies the minimum SSL/TLS protocol that CloudFront uses when connecting to your origin over HTTPS. Valid values include `SSLv3`, `TLSv1`, `TLSv1.1`, and `TLSv1.2`.
+
+For more information, see [Minimum Origin SSL Protocol](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesOriginSSLProtocols) in the _Amazon CloudFront Developer Guide_.