AWS Security ChangesHomeSearch

AWS appsync medium security documentation change

Service: appsync · 2025-07-25 · Security-related medium

File: appsync/latest/eventapi/event-api-custom-domains.md

Summary

Formatted CloudFront policy actions and specified ACM certificate region

Security assessment

Hardcoded 'us-east-1' in ACM ARN ensures correct certificate region usage, preventing misconfiguration.

Diff

diff --git a/appsync/latest/eventapi/event-api-custom-domains.md b/appsync/latest/eventapi/event-api-custom-domains.md
index 31537a1dd..00ac4e07f 100644
--- a//appsync/latest/eventapi/event-api-custom-domains.md
+++ b//appsync/latest/eventapi/event-api-custom-domains.md
@@ -64,2 +64,6 @@ JSON
-          "Action": ["cloudfront:updateDistribution"],
-          "Resource": ["*"]
+                "Action": [
+                    "cloudfront:updateDistribution"
+                ],
+                "Resource": [
+                    "*"
+                ]
@@ -71 +75 @@ JSON
-          "Resource": "arn:aws:acm:Region:account-id:certificate/certificate_ID"
+                "Resource": "arn:aws:acm:us-east-1:account-id:certificate/certificate_ID"