AWS powershell high security documentation change
Summary
Added documentation about sensitive data redaction in PowerShell V5 logs and configuration override
Security assessment
Explicitly documents security controls for sensitive information redaction in logs, including a warning about increased risk when disabling this protection. The change addresses data leakage prevention through default redaction behavior.
Diff
diff --git a/powershell/v5/userguide/additional-security-considerations.md b/powershell/v5/userguide/additional-security-considerations.md index 7be724212..0644be245 100644 --- a//powershell/v5/userguide/additional-security-considerations.md +++ b//powershell/v5/userguide/additional-security-considerations.md @@ -17 +17,6 @@ Some operations of this tool might return information that could be considered s -Consider the following best practices: +Version 5 (V5) of the AWS Tools for PowerShell has been updated to exclude potentially sensitive information from logs by default. If you need to revert to tool behavior that could result in sensitive information being logged, you can do so for a particular PowerShell session by running the following command: + + + Set-AWSConfiguration -RedactSensitiveOutputDisplay $false + +If you do revert to previous tool behavior, you are increasing the risk that sensitive information might be logged. In this case, you should consider the following best practices: