AWS Security ChangesHomeSearch

AWS AWSCloudFormation medium security documentation change

Service: AWSCloudFormation · 2025-05-28 · Security-related medium

File: AWSCloudFormation/latest/UserGuide/aws-resource-cloudtrail-trail.md

Summary

Added encryption of digest files to KMS key description

Security assessment

Explicitly mentions encryption of digest files which are critical for log integrity validation. This documents expanded security controls for CloudTrail data protection.

Diff

diff --git a/AWSCloudFormation/latest/UserGuide/aws-resource-cloudtrail-trail.md b/AWSCloudFormation/latest/UserGuide/aws-resource-cloudtrail-trail.md
index 496c4d1bd..bd567072e 100644
--- a//AWSCloudFormation/latest/UserGuide/aws-resource-cloudtrail-trail.md
+++ b//AWSCloudFormation/latest/UserGuide/aws-resource-cloudtrail-trail.md
@@ -213 +213 @@ _Required_ : No
-Specifies the AWS KMS key ID to use to encrypt the logs delivered by CloudTrail. The value can be an alias name prefixed by "alias/", a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier.
+Specifies the AWS KMS key ID to use to encrypt the logs and digest files delivered by CloudTrail. The value can be an alias name prefixed by "alias/", a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier.