AWS systems-manager high security documentation change
Summary
Expanded explanation of parameter interpolation security benefits
Security assessment
Explicitly calls out security benefits against command injection attacks through parameter interpolation, making this a security documentation improvement.
Diff
diff --git a/systems-manager/latest/userguide/documents-schemas-features.md b/systems-manager/latest/userguide/documents-schemas-features.md index 6bdf4f173..75e935783 100644 --- a//systems-manager/latest/userguide/documents-schemas-features.md +++ b//systems-manager/latest/userguide/documents-schemas-features.md @@ -35 +35 @@ Cross-platform support | Cross-platform support allows you to specify different -Parameter interpolation | Allows string parameters to be interpolated into environment variables before command execution, providing better security against command injections. When set to `ENV_VAR`, the agent creates an environment variable named `SSM_`parameter-name`` that contains the parameter's value. +Parameter interpolation | Interpolation means to insert or substitute a variable value into a string. Think of it as filling in a blank space with actual values before the string is used. In the context of SSM documents, parameter interpolation allows string parameters to be interpolated into environment variables before command execution, providing better security against command injections. When set to `ENV_VAR`, the agent creates an environment variable named `SSM_`parameter-name`` that contains the parameter's value.