AWS Security ChangesHomeSearch

AWS cli documentation change

Service: cli · 2025-07-01 · Documentation low

File: cli/latest/reference/configservice/list-discovered-resources.md

Summary

Updated CLI version references, rephrased command description, removed CloudFormation stack recording behavior warning, added pagination details, and expanded supported resource types list with 35+ new AWS resources

Security assessment

While the change adds security-related resource types like AWS::SecurityHub::Standard and AWS::Bedrock::Guardrail, there's no evidence of addressing a specific security vulnerability. The removed CloudFormation warning was informational rather than indicating a security fix. New security-related resource documentation improves feature awareness but doesn't mitigate an active issue.

Diff

diff --git a/cli/latest/reference/configservice/list-discovered-resources.md b/cli/latest/reference/configservice/list-discovered-resources.md
index 03eb00d32..b7da71ff9 100644
--- a//cli/latest/reference/configservice/list-discovered-resources.md
+++ b//cli/latest/reference/configservice/list-discovered-resources.md
@@ -15 +15 @@
-  * [AWS CLI 2.27.45 Command Reference](../../index.html) »
+  * [AWS CLI 2.27.46 Command Reference](../../index.html) »
@@ -60,3 +60 @@ First time using the AWS CLI? See the [User Guide](https://docs.aws.amazon.com/c
-Returns a list of resource resource identifiers for the specified resource types for the resources of that type. A _resource identifier_ includes the resource type, ID, and (if available) the custom resource name.
-
-The results consist of resources that Config has _discovered_ , including those that Config is not currently recording. You can narrow the results to include only resources that have specific resource IDs or a resource name.
+Accepts a resource type and returns a list of resource identifiers for the resources of that type. A resource identifier includes the resource type, ID, and (if available) the custom resource name. The results consist of resources that Config has discovered, including those that Config is not currently recording. You can narrow the results to include only resources that have specific resource IDs or a resource name.
@@ -68,16 +66 @@ You can specify either resource IDs or a resource name, but not both, in the sam
-### Warning
-
-> _CloudFormation stack recording behavior in Config_
-
-When a CloudFormation stack fails to create (for example, it enters the `ROLLBACK_FAILED` state), Config does not record a configuration item (CI) for that stack. Configuration items are only recorded for stacks that reach the following states:
-
-  * `CREATE_COMPLETE`
-  * `UPDATE_COMPLETE`
-  * `UPDATE_ROLLBACK_COMPLETE`
-  * `UPDATE_ROLLBACK_FAILED`
-  * `DELETE_FAILED`
-  * `DELETE_COMPLETE`
-
-
-
-Because no CI is created for a failed stack creation, you won’t see configuration history for that stack in Config, even after the stack is deleted. This helps make sure that Config only tracks resources that were successfully provisioned.
+The response is paginated. By default, Config lists 100 resource identifiers on each page. You can customize this number with the `limit` parameter. The response includes a `nextToken` string. To get the next page of results, run the request again and specify the string for the `nextToken` parameter.
@@ -536,0 +520,35 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/config
+>   * `AWS::AppConfig::ExtensionAssociation`
+>   * `AWS::AppIntegrations::Application`
+>   * `AWS::AppSync::ApiCache`
+>   * `AWS::Bedrock::Guardrail`
+>   * `AWS::Bedrock::KnowledgeBase`
+>   * `AWS::Cognito::IdentityPool`
+>   * `AWS::Connect::Rule`
+>   * `AWS::Connect::User`
+>   * `AWS::EC2::ClientVpnTargetNetworkAssociation`
+>   * `AWS::EC2::EIPAssociation`
+>   * `AWS::EC2::IPAMResourceDiscovery`
+>   * `AWS::EC2::IPAMResourceDiscoveryAssociation`
+>   * `AWS::EC2::InstanceConnectEndpoint`
+>   * `AWS::EC2::SnapshotBlockPublicAccess`
+>   * `AWS::EC2::VPCBlockPublicAccessExclusion`
+>   * `AWS::EC2::VPCBlockPublicAccessOptions`
+>   * `AWS::EC2::VPCEndpointConnectionNotification`
+>   * `AWS::EC2::VPNConnectionRoute`
+>   * `AWS::Evidently::Segment`
+>   * `AWS::IAM::OIDCProvider`
+>   * `AWS::InspectorV2::Activation`
+>   * `AWS::MSK::ClusterPolicy`
+>   * `AWS::MSK::VpcConnection`
+>   * `AWS::MediaConnect::Gateway`
+>   * `AWS::MemoryDB::SubnetGroup`
+>   * `AWS::OpenSearchServerless::Collection`
+>   * `AWS::OpenSearchServerless::VpcEndpoint`
+>   * `AWS::Redshift::EndpointAuthorization`
+>   * `AWS::Route53Profiles::Profile`
+>   * `AWS::S3::StorageLensGroup`
+>   * `AWS::S3Express::BucketPolicy`
+>   * `AWS::S3Express::DirectoryBucket`
+>   * `AWS::SageMaker::InferenceExperiment`
+>   * `AWS::SecurityHub::Standard`
+>   * `AWS::Transfer::Profile`
@@ -752 +770 @@ nextToken -> (string)
-  * [AWS CLI 2.27.45 Command Reference](../../index.html) »
+  * [AWS CLI 2.27.46 Command Reference](../../index.html) »