AWS appsync medium security documentation change
Summary
Clarified certificate requirements for custom domain names to explicitly require public/imported ACM certificates in us-east-1
Security assessment
Explicitly requiring public/imported ACM certificates prevents potential misconfigurations where private/invalid certificates might be used, which could lead to TLS validation failures or man-in-the-middle attacks. This addresses a security best practice for certificate management.
Diff
diff --git a/appsync/latest/devguide/custom-domain-name.md b/appsync/latest/devguide/custom-domain-name.md index df343905a..3a2439ebb 100644 --- a//appsync/latest/devguide/custom-domain-name.md +++ b//appsync/latest/devguide/custom-domain-name.md @@ -76,6 +76 @@ AWS AppSync supports custom domain names by leveraging Server Name Indication (S -To set up a custom domain name as the API's hostname, the API owner must provide an SSL/TLS certificate for the custom domain name. To provide a certificate, do one of the following: - - * Request a new certificate in ACM, or import a certificate issued by a third-party certificate authority into ACM in the `us-east-1` AWS Region (US East (N. Virginia)). For more information about ACM, see [What is AWS Certificate Manager?](https://docs.aws.amazon.com/acm/latest/userguide/acm-overview.html) in the _AWS Certificate Manager User Guide_. - - - +To set up a custom domain name as the API's hostname, the API owner must provide a public or imported ACM certificate in the `us-east-1` _AWS Region (US East (N. Virginia))_ that covers the custom domain name. For more information about ACM, see [What is AWS Certificate Manager?](https://docs.aws.amazon.com/acm/latest/userguide/acm-overview.html) in the _AWS Certificate Manager User Guide_.