AWS AWSCloudFormation medium security documentation change
Summary
Updated documentation for code signing policy to specify CloudWatch metric and CloudTrail logging
Security assessment
Enhances security visibility by clarifying monitoring capabilities for code signing validation failures through CloudWatch metrics and CloudTrail logs
Diff
diff --git a/AWSCloudFormation/latest/TemplateReference/aws-properties-lambda-codesigningconfig-codesigningpolicies.md b/AWSCloudFormation/latest/TemplateReference/aws-properties-lambda-codesigningconfig-codesigningpolicies.md index eb01a1aa0..89bcec71b 100644 --- a//AWSCloudFormation/latest/TemplateReference/aws-properties-lambda-codesigningconfig-codesigningpolicies.md +++ b//AWSCloudFormation/latest/TemplateReference/aws-properties-lambda-codesigningconfig-codesigningpolicies.md @@ -34 +34 @@ To declare this entity in your AWS CloudFormation template, use the following sy -Code signing configuration policy for deployment validation failure. If you set the policy to `Enforce`, Lambda blocks the deployment request if signature validation checks fail. If you set the policy to `Warn`, Lambda allows the deployment and creates a CloudWatch log. +Code signing configuration policy for deployment validation failure. If you set the policy to `Enforce`, Lambda blocks the deployment request if signature validation checks fail. If you set the policy to `Warn`, Lambda allows the deployment and issues a new Amazon CloudWatch metric (`SignatureValidationErrors`) and also stores the warning in the CloudTrail log.