AWS Security ChangesHomeSearch

AWS cdk documentation change

Service: cdk · 2025-05-16 · Documentation low

File: cdk/v1/guide/cli.md

Summary

Rephrased sentence about modern bootstrap template permissions for clarity

Security assessment

Clarifies existing security implications of bootstrap template permissions but does not address a new vulnerability or add security documentation

Diff

diff --git a/cdk/v1/guide/cli.md b/cdk/v1/guide/cli.md
index 8d2f177c7..3fd915794 100644
--- a//cdk/v1/guide/cli.md
+++ b//cdk/v1/guide/cli.md
@@ -308 +308 @@ The CDK Toolkit supports two bootstrap templates: the modern template and the le
-The modern bootstrap template effectively grants the permissions implied by the `--cloudformation-execution-policies` to any AWS account in the `--trust` list, which by default will extend permissions to read and write to any resource in the bootstrapped account. Make sure to [configure the bootstrapping stack](./bootstrapping.html#bootstrapping-customizing) with policies and trusted accounts you are comfortable with.
+The modern bootstrap template effectively grants the permissions implied by the `--cloudformation-execution-policies` to any AWS account in the `--trust` list. By default, this extends permissions to read and write to any resource in the bootstrapped account. Make sure to [configure the bootstrapping stack](./bootstrapping.html#bootstrapping-customizing) with policies and trusted accounts that you are comfortable with.