AWS AWSCloudFormation documentation change
Summary
Added support for ML-DSA asymmetric key pairs and related specifications
Security assessment
Documents new cryptographic algorithm support (ML-DSA) which is a security feature, but doesn't address a specific vulnerability
Diff
diff --git a/AWSCloudFormation/latest/TemplateReference/aws-resource-kms-key.md b/AWSCloudFormation/latest/TemplateReference/aws-resource-kms-key.md index dc24140a2..49ed474a3 100644 --- a//AWSCloudFormation/latest/TemplateReference/aws-resource-kms-key.md +++ b//AWSCloudFormation/latest/TemplateReference/aws-resource-kms-key.md @@ -236,0 +237,8 @@ AWS KMS supports the following key specs for KMS keys: + * Asymmetric ML-DSA key pairs (signing and verification) + + * `ML_DSA_44` + + * `ML_DSA_65` + + * `ML_DSA_87` + @@ -271 +279,3 @@ Select only one valid value. - * For asymmetric KMS keys with `ECC_SECG_P256K1` key pairs specify `SIGN_VERIFY`. + * For asymmetric KMS keys with `ECC_SECG_P256K1` key pairs, specify `SIGN_VERIFY`. + + * For asymmetric KMS keys with ML-DSA key pairs, specify `SIGN_VERIFY`. @@ -322 +332,6 @@ You can ignore `ENABLED` when Origin is `EXTERNAL`. When a KMS key with Origin ` -AWS CloudFormation doesn't support creating an `Origin` parameter of the `AWS_CLOUDHSM` or `EXTERNAL_KEY_STORE` values. + * AWS CloudFormation doesn't support creating an `Origin` parameter of the `AWS_CLOUDHSM` or `EXTERNAL_KEY_STORE` values. + + * `EXTERNAL` is not supported for ML-DSA keys. + + +