AWS AmazonCloudWatch high security documentation change
Summary
Changed 'gpg --import' to 'rpm --import' in package verification instructions
Security assessment
Using 'rpm --import' instead of 'gpg --import' to import GPG keys could lead to improper package signature verification, creating a security risk if malicious packages are not properly validated. This is a security-related documentation error correction.
Diff
diff --git a/AmazonCloudWatch/latest/monitoring/CloudWatch-NetworkFlowMonitor-agents-download-agent-commandline.md b/AmazonCloudWatch/latest/monitoring/CloudWatch-NetworkFlowMonitor-agents-download-agent-commandline.md index 042e28d37..970e5b03c 100644 --- a//AmazonCloudWatch/latest/monitoring/CloudWatch-NetworkFlowMonitor-agents-download-agent-commandline.md +++ b//AmazonCloudWatch/latest/monitoring/CloudWatch-NetworkFlowMonitor-agents-download-agent-commandline.md @@ -119 +119 @@ Follow the steps here to verify the signature of the Network Flow Monitor agent. - PS> gpg --import nfm-agent.gpg + PS> rpm --import nfm-agent.gpg @@ -197 +197 @@ Next, follow the steps here to verify the RPM package. - PS> gpg --import nfm-agent.gpg + PS> rpm --import nfm-agent.gpg