AWS Security ChangesHomeSearch

AWS AWSCloudFormation documentation change

Service: AWSCloudFormation · 2025-06-13 · Documentation low

File: AWSCloudFormation/latest/TemplateReference/doc-history.md

Summary

Added changelog entry for EKS PodIdentityAssociation updates including security-related properties

Security assessment

Documents security feature additions (TargetRoleArn, DisableSessionTags, ExternalId) but does not itself contain security implementation details

Diff

diff --git a/AWSCloudFormation/latest/TemplateReference/doc-history.md b/AWSCloudFormation/latest/TemplateReference/doc-history.md
index 5b46ba3ac..3b03819d4 100644
--- a//AWSCloudFormation/latest/TemplateReference/doc-history.md
+++ b//AWSCloudFormation/latest/TemplateReference/doc-history.md
@@ -10,0 +11,10 @@ Change| Description| Date
+[Updated resource](./aws-template-resource-type-ref.html#AWS_Amplify)| The following resource was updated: AWS::Amplify::App
+
+[AWS::Amplify::App](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-amplify-app.html)
+     Use the `JobConfig` property to specify the configuration details that apply to the jobs for an Amplify app.
+| June 13, 2025  
+[Updated resource](./aws-template-resource-type-ref.html#AWS_EKS)| The following resource was updated: `AWS::EKS::PodIdentityAssociation`
+
+[`AWS::EKS::PodIdentityAssociation`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-podidentityassociation.html)
+     Use the `TargetRoleArn` property to set a secondary role that EKS Pod Identity assumes. Only the credentials from the target IAM role are put into the pod. The target role can be from another account, unlike the association role. Use the `DisableSessionTags` property to enable or disable the session tags that are added by EKS Pod Identity and lower the number of tags to stay under the session size limit. Use the `ExternalId` return value in an IAM trust policy on the target IAM role to prevent the confused deputy problem.
+| June 11, 2025