AWS Security ChangesHomeSearch

AWS glue medium security documentation change

Service: glue · 2025-05-13 · Security-related medium

File: glue/latest/dg/aws-glue-api-catalog-connections-connections.md

Summary

Updated JDBC_ENFORCE_SSL parameter to be case-insensitive and adjusted regex pattern reference for KmsKeyArn

Security assessment

Making JDBC_ENFORCE_SSL case-insensitive prevents misconfigurations where users might use uppercase values (e.g., 'True') that previously could have been ignored, potentially leaving SSL unenforced. This directly addresses a security risk by ensuring consistent SSL enforcement.

Diff

diff --git a/glue/latest/dg/aws-glue-api-catalog-connections-connections.md b/glue/latest/dg/aws-glue-api-catalog-connections-connections.md
index a64ce528a..b76e03603 100644
--- a//glue/latest/dg/aws-glue-api-catalog-connections-connections.md
+++ b//glue/latest/dg/aws-glue-api-catalog-connections-connections.md
@@ -96 +96 @@ These key-value pairs define parameters for the connection when using the versio
-    * `JDBC_ENFORCE_SSL` \- A Boolean string (true, false) specifying whether Secure Sockets Layer (SSL) with hostname matching is enforced for the JDBC connection on the client. The default is false.
+    * `JDBC_ENFORCE_SSL` \- A case-insensitive Boolean string (true, false) specifying whether Secure Sockets Layer (SSL) with hostname matching is enforced for the JDBC connection on the client. The default is false.
@@ -524 +524 @@ The secret manager ARN to store credentials in the CreateConnection request.
-  * `KmsKeyArn` – UTF-8 string, matching the [Custom string pattern #29](./aws-glue-api-common.html#regex_29).
+  * `KmsKeyArn` – UTF-8 string, matching the [Custom string pattern #42](./aws-glue-api-common.html#regex_42).