AWS Security ChangesHomeSearch

AWS payment-cryptography documentation change

Service: payment-cryptography · 2025-08-01 · Documentation low

File: payment-cryptography/latest/userguide/use-cases-issuers.networkfunctions.mastercard.md

Summary

Updated example KeyArn values by removing AWS account ID from ARN strings

Security assessment

The change removes placeholder account IDs (111122223333) from example ARNs. This appears to be a documentation standardization rather than addressing a security vulnerability. No evidence of security impact or vulnerability remediation.

Diff

diff --git a/payment-cryptography/latest/userguide/use-cases-issuers.networkfunctions.mastercard.md b/payment-cryptography/latest/userguide/use-cases-issuers.networkfunctions.mastercard.md
index 3b3ab38ac..63a5bbe5b 100644
--- a//payment-cryptography/latest/userguide/use-cases-issuers.networkfunctions.mastercard.md
+++ b//payment-cryptography/latest/userguide/use-cases-issuers.networkfunctions.mastercard.md
@@ -34 +34 @@ The response echoes back the request parameters, including an ARN for subsequent
-                            "KeyArn": "arn:aws:payment-cryptography:us-east-2:111122223333:key/hrh6qgbi3sk4y3wq",
+                            "KeyArn": "arn:aws:payment-cryptography:us-east-2::key/hrh6qgbi3sk4y3wq",
@@ -62 +62 @@ The response echoes back the request parameters, including an ARN for subsequent
-Take note of the `KeyArn` that represents the key, for example _arn:aws:payment-cryptography:us-east-2:111122223333:key/hrh6qgbi3sk4y3wq_. You need that in the next step.
+Take note of the `KeyArn` that represents the key, for example _arn:aws:payment-cryptography:us-east-2::key/hrh6qgbi3sk4y3wq_. You need that in the next step.
@@ -69 +69 @@ Although DCVC3 may be generated by a chip card, it can also be manually generate
-    $ aws payment-cryptography-data generate-card-validation-data --key-identifier arn:aws:payment-cryptography:us-east-2:111122223333:key/pw3s6nl62t5ushfk --primary-account-number=5413123456784808 --generation-attributes DynamicCardVerificationCode='{ApplicationTransactionCounter=0000,TrackData=5241060000000069D13052020000000000003F,PanSequenceNumber=00,UnpredictableNumber=00000000}''
+    $ aws payment-cryptography-data generate-card-validation-data --key-identifier arn:aws:payment-cryptography:us-east-2::key/pw3s6nl62t5ushfk --primary-account-number=5413123456784808 --generation-attributes DynamicCardVerificationCode='{ApplicationTransactionCounter=0000,TrackData=5241060000000069D13052020000000000003F,PanSequenceNumber=00,UnpredictableNumber=00000000}''
@@ -73 +73 @@ Although DCVC3 may be generated by a chip card, it can also be manually generate
-                "KeyArn": "arn:aws:payment-cryptography:us-east-2:111122223333:key/pw3s6nl62t5ushfk",
+                "KeyArn": "arn:aws:payment-cryptography:us-east-2::key/pw3s6nl62t5ushfk",
@@ -85 +85 @@ If AWS Payment Cryptography is able to validate, an http/200 is returned. If the
-    $ aws payment-cryptography-data verify-card-validation-data  --key-identifier arn:aws:payment-cryptography:us-east-2:111122223333:key/pw3s6nl62t5ushfk --primary-account-number=5413123456784808 --verification-attributes DynamicCardVerificationCode='{ApplicationTransactionCounter=000B,TrackData=5241060000000069D13052020000000000003F,PanSequenceNumber=00,UnpredictableNumber=00000001}' --validation-data 398
+    $ aws payment-cryptography-data verify-card-validation-data  --key-identifier arn:aws:payment-cryptography:us-east-2::key/pw3s6nl62t5ushfk --primary-account-number=5413123456784808 --verification-attributes DynamicCardVerificationCode='{ApplicationTransactionCounter=000B,TrackData=5241060000000069D13052020000000000003F,PanSequenceNumber=00,UnpredictableNumber=00000001}' --validation-data 398
@@ -89 +89 @@ If AWS Payment Cryptography is able to validate, an http/200 is returned. If the
-                "KeyArn": "arn:aws:payment-cryptography:us-east-2:111122223333:key/pw3s6nl62t5ushfk",
+                "KeyArn": "arn:aws:payment-cryptography:us-east-2::key/pw3s6nl62t5ushfk",
@@ -111 +111 @@ The response echoes back the request parameters, including an ARN for subsequent
-                            "KeyArn": "arn:aws:payment-cryptography:us-east-2:111122223333:key/pw3s6nl62t5ushfk",
+                            "KeyArn": "arn:aws:payment-cryptography:us-east-2::key/pw3s6nl62t5ushfk",
@@ -139 +139 @@ The response echoes back the request parameters, including an ARN for subsequent
-Take note of the `KeyArn` that represents the key, for example _arn:aws:payment-cryptography:us-east-2:111122223333:key/pw3s6nl62t5ushfk_. You need that in the next step.
+Take note of the `KeyArn` that represents the key, for example _arn:aws:payment-cryptography:us-east-2::key/pw3s6nl62t5ushfk_. You need that in the next step.
@@ -149 +149 @@ If AWS Payment Cryptography is able to validate the ARQC, an http/200 is returne
-              --key-identifier arn:aws:payment-cryptography:us-east-2:111122223333:key/pw3s6nl62t5ushfk \
+              --key-identifier arn:aws:payment-cryptography:us-east-2::key/pw3s6nl62t5ushfk \
@@ -157 +157 @@ If AWS Payment Cryptography is able to validate the ARQC, an http/200 is returne
-                "KeyArn": "arn:aws:payment-cryptography:us-east-2:111122223333:key/pw3s6nl62t5ushfk",
+                "KeyArn": "arn:aws:payment-cryptography:us-east-2::key/pw3s6nl62t5ushfk",