AWS Security ChangesHomeSearch

AWS AWSCloudFormation documentation change

Service: AWSCloudFormation · 2025-08-16 · Documentation medium

File: AWSCloudFormation/latest/TemplateReference/aws-resource-s3-bucket.md

Summary

Added documentation note about URL encoding spaces in signed header values

Security assessment

Adds guidance about proper handling of signed headers, which helps prevent signature validation failures. While related to security practices, it does not address a specific vulnerability but rather improves documentation of existing security features.

Diff

diff --git a/AWSCloudFormation/latest/TemplateReference/aws-resource-s3-bucket.md b/AWSCloudFormation/latest/TemplateReference/aws-resource-s3-bucket.md
index 8bf0c4458..e51f667ab 100644
--- a//AWSCloudFormation/latest/TemplateReference/aws-resource-s3-bucket.md
+++ b//AWSCloudFormation/latest/TemplateReference/aws-resource-s3-bucket.md
@@ -290,0 +291,4 @@ Places an Object Lock configuration on the specified bucket. The rule specified
+###### Important
+
+You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`.
+