AWS lambda documentation change
Summary
Updated example configuration for Kafka event source mapping with simplified schema registry configuration and changed authentication type from CLIENT_CERTIFICATE_TLS_AUTH to BASIC_AUTH
Security assessment
While the change demonstrates different authentication methods (security documentation), the switch from mutual TLS to basic auth in examples could indicate security guidance changes but lacks explicit vulnerability context. The example now shows proper secret management practices.
Diff
diff --git a/lambda/latest/dg/services-consume-kafka-events.md b/lambda/latest/dg/services-consume-kafka-events.md index 6aa2959b3..ccda8a007 100644 --- a//lambda/latest/dg/services-consume-kafka-events.md +++ b//lambda/latest/dg/services-consume-kafka-events.md @@ -144 +144,17 @@ Create Event Source Mapping - --amazon-managed-kafka-event-source-config '{"SchemaRegistryConfig" : {"SchemaRegistryURI": "https://ec2-13-217-228-151.compute-1.amazonaws.com:8082", "EventRecordFormat": "JSON", "AccessConfigs": [{"Type":"CLIENT_CERTIFICATE_TLS_AUTH", "URI":"arn:aws:secretsmanager:us-east-1:408865831329:secret:kafkaSchemaRegistryBugBashMTLS-w0axZ0"},{"Type":"SERVER_ROOT_CA_CERTIFICATE", "URI":"arn:aws:secretsmanager:us-east-1:408865831329:secret:KafkaSchemaRegistryBugBashRootCA-YqQXOZ"}], "SchemaValidationConfigs": [{"Attribute": "VALUE"}]}}' + --amazon-managed-kafka-event-source-mapping '{ + "SchemaRegistryConfig" : { + "SchemaRegistryURI": "https://abcd-ef123.us-west-2.aws.confluent.cloud", + "AccessConfigs": [{ + "Type": "BASIC_AUTH", + "URI": "arn:aws:secretsmanager:us-east-1:123456789012:secret:secretName" + }], + "EventRecordFormat": "JSON", + "SchemaValidationConfigs": [ + { + "Attribute": "KEY" + }, + { + "Attribute": "VALUE" + }] + } + }'