AWS AWSCloudFormation high security documentation change
Summary
Added documentation for the minimum SSL/TLS protocol configuration for CloudFront origins, including valid values and a link to the developer guide
Security assessment
The change explicitly documents SSL/TLS protocol enforcement for HTTPS connections to origins, which is a security control to prevent weak cryptographic protocols. Specifying minimum protocols mitigates risks like POODLE or BEAST attacks.
Diff
diff --git a/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-vpcorigin-vpcoriginendpointconfig.md b/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-vpcorigin-vpcoriginendpointconfig.md index 8596a4563..a5e5ac48a 100644 --- a//AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-vpcorigin-vpcoriginendpointconfig.md +++ b//AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-vpcorigin-vpcoriginendpointconfig.md @@ -100 +100,3 @@ _Required_ : No -Property description not available. +Specifies the minimum SSL/TLS protocol that CloudFront uses when connecting to your origin over HTTPS. Valid values include `SSLv3`, `TLSv1`, `TLSv1.1`, and `TLSv1.2`. + +For more information, see [Minimum Origin SSL Protocol](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesOriginSSLProtocols) in the _Amazon CloudFront Developer Guide_.