AWS Security ChangesHomeSearch

AWS payment-cryptography documentation change

Service: payment-cryptography · 2025-08-01 · Documentation low

File: payment-cryptography/latest/userguide/use-cases-issuers.generalfunctions.arqc.md

Summary

Updated key ARN examples to remove account IDs in auth request cryptogram verification steps

Security assessment

Modifies example ARNs to use :: instead of placeholder account numbers. No security context provided - appears to be standard example cleanup without security implications.

Diff

diff --git a/payment-cryptography/latest/userguide/use-cases-issuers.generalfunctions.arqc.md b/payment-cryptography/latest/userguide/use-cases-issuers.generalfunctions.arqc.md
index fb45f4099..dd5669d5b 100644
--- a//payment-cryptography/latest/userguide/use-cases-issuers.generalfunctions.arqc.md
+++ b//payment-cryptography/latest/userguide/use-cases-issuers.generalfunctions.arqc.md
@@ -27 +27 @@ The response echoes back the request parameters, including an ARN for subsequent
-                        "KeyArn": "arn:aws:payment-cryptography:us-east-2:111122223333:key/pw3s6nl62t5ushfk",
+                        "KeyArn": "arn:aws:payment-cryptography:us-east-2::key/pw3s6nl62t5ushfk",
@@ -55 +55 @@ The response echoes back the request parameters, including an ARN for subsequent
-Take note of the `KeyArn` that represents the key, for example _arn:aws:payment-cryptography:us-east-2:111122223333:key/pw3s6nl62t5ushfk_. You need that in the next step.
+Take note of the `KeyArn` that represents the key, for example _arn:aws:payment-cryptography:us-east-2::key/pw3s6nl62t5ushfk_. You need that in the next step.
@@ -66 +66 @@ If AWS Payment Cryptography is able to validate the ARQC, an http/200 is returne
-    $ aws payment-cryptography-data verify-auth-request-cryptogram --auth-request-cryptogram 61EDCC708B4C97B4 --key-identifier arn:aws:payment-cryptography:us-east-2:111122223333:key/pw3s6nl62t5ushfk --major-key-derivation-mode EMV_OPTION_A --transaction-data 00000000170000000000000008400080008000084016051700000000093800000B1F2201030000000000000000000000000000000000000000000000000000008000000000000000 --session-key-derivation-attributes='{"EmvCommon":{"ApplicationTransactionCounter":"000B", "PanSequenceNumber":"01","PrimaryAccountNumber":"9137631040001422"}}' --auth-response-attributes='{"ArpcMethod2":{"CardStatusUpdate":"12345678"}}'
+    $ aws payment-cryptography-data verify-auth-request-cryptogram --auth-request-cryptogram 61EDCC708B4C97B4 --key-identifier arn:aws:payment-cryptography:us-east-2::key/pw3s6nl62t5ushfk --major-key-derivation-mode EMV_OPTION_A --transaction-data 00000000170000000000000008400080008000084016051700000000093800000B1F2201030000000000000000000000000000000000000000000000000000008000000000000000 --session-key-derivation-attributes='{"EmvCommon":{"ApplicationTransactionCounter":"000B", "PanSequenceNumber":"01","PrimaryAccountNumber":"9137631040001422"}}' --auth-response-attributes='{"ArpcMethod2":{"CardStatusUpdate":"12345678"}}'
@@ -70 +70 @@ If AWS Payment Cryptography is able to validate the ARQC, an http/200 is returne
-        "KeyArn": "arn:aws:payment-cryptography:us-east-2:111122223333:key/pw3s6nl62t5ushfk",
+        "KeyArn": "arn:aws:payment-cryptography:us-east-2::key/pw3s6nl62t5ushfk",