AWS cdk documentation change
Summary
Rephrased sentence about modern bootstrap template permissions for clarity
Security assessment
Clarifies existing security implications of bootstrap template permissions but does not address a new vulnerability or add security documentation
Diff
diff --git a/cdk/v1/guide/cli.md b/cdk/v1/guide/cli.md index 8d2f177c7..3fd915794 100644 --- a//cdk/v1/guide/cli.md +++ b//cdk/v1/guide/cli.md @@ -308 +308 @@ The CDK Toolkit supports two bootstrap templates: the modern template and the le -The modern bootstrap template effectively grants the permissions implied by the `--cloudformation-execution-policies` to any AWS account in the `--trust` list, which by default will extend permissions to read and write to any resource in the bootstrapped account. Make sure to [configure the bootstrapping stack](./bootstrapping.html#bootstrapping-customizing) with policies and trusted accounts you are comfortable with. +The modern bootstrap template effectively grants the permissions implied by the `--cloudformation-execution-policies` to any AWS account in the `--trust` list. By default, this extends permissions to read and write to any resource in the bootstrapped account. Make sure to [configure the bootstrapping stack](./bootstrapping.html#bootstrapping-customizing) with policies and trusted accounts that you are comfortable with.