AWS Security ChangesHomeSearch

AWS payment-cryptography documentation change

Service: payment-cryptography · 2025-08-01 · Documentation low

File: payment-cryptography/latest/userguide/use-cases-issuers.networkfunctions.amex.md

Summary

Updated example KeyARNs by removing account ID (111122223333) from ARN strings in documentation examples

Security assessment

The change replaces specific account IDs with empty segments (::) in example ARNs. This appears to be a documentation hygiene improvement to use placeholder values rather than exposing example account IDs, but does not address a specific security vulnerability or add security guidance. While removing account IDs from examples is a security best practice, there's no evidence this was fixing an active security issue.

Diff

diff --git a/payment-cryptography/latest/userguide/use-cases-issuers.networkfunctions.amex.md b/payment-cryptography/latest/userguide/use-cases-issuers.networkfunctions.amex.md
index 79a9542b6..439248bb7 100644
--- a//payment-cryptography/latest/userguide/use-cases-issuers.networkfunctions.amex.md
+++ b//payment-cryptography/latest/userguide/use-cases-issuers.networkfunctions.amex.md
@@ -36 +36 @@ The response echoes back the request parameters, including an ARN for subsequent
-                            "KeyArn": "arn:aws:payment-cryptography:us-east-2:111122223333:key/esh6hn7pxdtttzgq",
+                            "KeyArn": "arn:aws:payment-cryptography:us-east-2::key/esh6hn7pxdtttzgq",
@@ -64 +64 @@ The response echoes back the request parameters, including an ARN for subsequent
-Take note of the `KeyArn` that represents the key, for example _arn:aws:payment-cryptography:us-east-2:111122223333:key/esh6hn7pxdtttzgq_. You need that in the next step.
+Take note of the `KeyArn` that represents the key, for example _arn:aws:payment-cryptography:us-east-2::key/esh6hn7pxdtttzgq_. You need that in the next step.
@@ -69 +69 @@ Take note of the `KeyArn` that represents the key, for example _arn:aws:payment-
-    $ aws payment-cryptography-data generate-card-validation-data --key-identifier arn:aws:payment-cryptography:us-east-2:111122223333:key/esh6hn7pxdtttzgq --primary-account-number=344131234567848 --generation-attributes AmexCardSecurityCodeVersion1='{CardExpiryDate=1224}' --validation-data-length 4
+    $ aws payment-cryptography-data generate-card-validation-data --key-identifier arn:aws:payment-cryptography:us-east-2::key/esh6hn7pxdtttzgq --primary-account-number=344131234567848 --generation-attributes AmexCardSecurityCodeVersion1='{CardExpiryDate=1224}' --validation-data-length 4
@@ -73 +73 @@ Take note of the `KeyArn` that represents the key, for example _arn:aws:payment-
-            "KeyArn": "arn:aws:payment-cryptography:us-east-2:111122223333:key/esh6hn7pxdtttzgq",
+            "KeyArn": "arn:aws:payment-cryptography:us-east-2::key/esh6hn7pxdtttzgq",
@@ -85 +85 @@ If AWS Payment Cryptography is able to validate, an http/200 is returned. If the
-    $ aws payment-cryptography-data verify-card-validation-data  --key-identifier arn:aws:payment-cryptography:us-east-2:111122223333:key/esh6hn7pxdtttzgq --primary-account-number=344131234567848 --verification-attributes AmexCardSecurityCodeVersion1='{CardExpiryDate=1224}''  --validation-data 3938
+    $ aws payment-cryptography-data verify-card-validation-data  --key-identifier arn:aws:payment-cryptography:us-east-2::key/esh6hn7pxdtttzgq --primary-account-number=344131234567848 --verification-attributes AmexCardSecurityCodeVersion1='{CardExpiryDate=1224}''  --validation-data 3938
@@ -89 +89 @@ If AWS Payment Cryptography is able to validate, an http/200 is returned. If the
-            "KeyArn": "arn:aws:payment-cryptography:us-east-2:111122223333:key/esh6hn7pxdtttzgq",
+            "KeyArn": "arn:aws:payment-cryptography:us-east-2::key/esh6hn7pxdtttzgq",
@@ -109 +109 @@ The response echoes back the request parameters, including an ARN for subsequent
-                    "KeyArn": "arn:aws:payment-cryptography:us-east-2:111122223333:key/erlm445qvunmvoda",
+                    "KeyArn": "arn:aws:payment-cryptography:us-east-2::key/erlm445qvunmvoda",
@@ -137 +137 @@ The response echoes back the request parameters, including an ARN for subsequent
-Take note of the `KeyArn` that represents the key, for example _arn:aws:payment-cryptography:us-east-2:111122223333:key/erlm445qvunmvoda_. You need that in the next step.
+Take note of the `KeyArn` that represents the key, for example _arn:aws:payment-cryptography:us-east-2::key/erlm445qvunmvoda_. You need that in the next step.
@@ -144 +144 @@ In this example, we will generate a CSC2 with a length of 4. CSC can be generate
-    $ aws payment-cryptography-data generate-card-validation-data --key-identifier arn:aws:payment-cryptography:us-east-2:111122223333:key/erlm445qvunmvoda --primary-account-number=344131234567848 --generation-attributes AmexCardSecurityCodeVersion2='{CardExpiryDate=1224,ServiceCode=999}' --validation-data-length 4
+    $ aws payment-cryptography-data generate-card-validation-data --key-identifier arn:aws:payment-cryptography:us-east-2::key/erlm445qvunmvoda --primary-account-number=344131234567848 --generation-attributes AmexCardSecurityCodeVersion2='{CardExpiryDate=1224,ServiceCode=999}' --validation-data-length 4
@@ -148 +148 @@ In this example, we will generate a CSC2 with a length of 4. CSC can be generate
-    "KeyArn": "arn:aws:payment-cryptography:us-east-2:111122223333:key/erlm445qvunmvoda",
+    "KeyArn": "arn:aws:payment-cryptography:us-east-2::key/erlm445qvunmvoda",
@@ -160 +160 @@ If AWS Payment Cryptography is able to validate, an http/200 is returned. If the
-    $ aws payment-cryptography-data verify-card-validation-data  --key-identifier arn:aws:payment-cryptography:us-east-2:111122223333:key/erlm445qvunmvoda --primary-account-number=344131234567848 --verification-attributes AmexCardSecurityCodeVersion2='{CardExpiryDate=1224,ServiceCode=999}' --validation-data 3982
+    $ aws payment-cryptography-data verify-card-validation-data  --key-identifier arn:aws:payment-cryptography:us-east-2::key/erlm445qvunmvoda --primary-account-number=344131234567848 --verification-attributes AmexCardSecurityCodeVersion2='{CardExpiryDate=1224,ServiceCode=999}' --validation-data 3982
@@ -164 +164 @@ If AWS Payment Cryptography is able to validate, an http/200 is returned. If the
-    "KeyArn": "arn:aws:payment-cryptography:us-east-2:111122223333:key/erlm445qvunmvoda",
+    "KeyArn": "arn:aws:payment-cryptography:us-east-2::key/erlm445qvunmvoda",
@@ -186 +186 @@ The response echoes back the request parameters, including an ARN for subsequent
-            "KeyArn": "arn:aws:payment-cryptography:us-east-1:111122223333:key/7vrybrbvjcvwtunv",
+            "KeyArn": "arn:aws:payment-cryptography:us-east-1::key/7vrybrbvjcvwtunv",
@@ -214 +214 @@ The response echoes back the request parameters, including an ARN for subsequent
-Take note of the `KeyArn` that represents the key, for example _arn:aws:payment-cryptography:us-east-1:111122223333:key/7vrybrbvjcvwtunv_. You need that in the next step.
+Take note of the `KeyArn` that represents the key, for example _arn:aws:payment-cryptography:us-east-1::key/7vrybrbvjcvwtunv_. You need that in the next step.
@@ -221 +221 @@ In this example, we will generate a iCSC with a length of 4, for a contactless c
-    $ aws payment-cryptography-data generate-card-validation-data --key-identifier arn:aws:payment-cryptography:us-east-1:111122223333:key/7vrybrbvjcvwtunv --primary-account-number=344131234567848 --generation-attributes AmexCardSecurityCodeVersion2='{CardExpiryDate=1224,ServiceCode=702}' --validation-data-length 4
+    $ aws payment-cryptography-data generate-card-validation-data --key-identifier arn:aws:payment-cryptography:us-east-1::key/7vrybrbvjcvwtunv --primary-account-number=344131234567848 --generation-attributes AmexCardSecurityCodeVersion2='{CardExpiryDate=1224,ServiceCode=702}' --validation-data-length 4
@@ -225 +225 @@ In this example, we will generate a iCSC with a length of 4, for a contactless c
-        "KeyArn": arn:aws:payment-cryptography:us-east-1:111122223333:key/7vrybrbvjcvwtunv,
+        "KeyArn": arn:aws:payment-cryptography:us-east-1::key/7vrybrbvjcvwtunv,
@@ -237 +237 @@ If AWS Payment Cryptography is able to validate, an http/200 is returned. If the
-    $ aws payment-cryptography-data verify-card-validation-data  --key-identifier arn:aws:payment-cryptography:us-east-1:111122223333:key/7vrybrbvjcvwtunv --primary-account-number=344131234567848 --verification-attributes AmexCardSecurityCodeVersion2='{CardExpiryDate=1224,ServiceCode=702}' --validation-data 2365
+    $ aws payment-cryptography-data verify-card-validation-data  --key-identifier arn:aws:payment-cryptography:us-east-1::key/7vrybrbvjcvwtunv --primary-account-number=344131234567848 --verification-attributes AmexCardSecurityCodeVersion2='{CardExpiryDate=1224,ServiceCode=702}' --validation-data 2365
@@ -241 +241 @@ If AWS Payment Cryptography is able to validate, an http/200 is returned. If the
-        "KeyArn": arn:aws:payment-cryptography:us-east-1:111122223333:key/7vrybrbvjcvwtunv,
+        "KeyArn": arn:aws:payment-cryptography:us-east-1::key/7vrybrbvjcvwtunv,