AWS Security ChangesHomeSearch

AWS AWSCloudFormation medium security documentation change

Service: AWSCloudFormation · 2025-08-28 · Security-related medium

File: AWSCloudFormation/latest/TemplateReference/aws-properties-lambda-codesigningconfig-codesigningpolicies.md

Summary

Updated documentation for code signing policy to specify CloudWatch metric and CloudTrail logging

Security assessment

Enhances security visibility by clarifying monitoring capabilities for code signing validation failures through CloudWatch metrics and CloudTrail logs

Diff

diff --git a/AWSCloudFormation/latest/TemplateReference/aws-properties-lambda-codesigningconfig-codesigningpolicies.md b/AWSCloudFormation/latest/TemplateReference/aws-properties-lambda-codesigningconfig-codesigningpolicies.md
index eb01a1aa0..89bcec71b 100644
--- a//AWSCloudFormation/latest/TemplateReference/aws-properties-lambda-codesigningconfig-codesigningpolicies.md
+++ b//AWSCloudFormation/latest/TemplateReference/aws-properties-lambda-codesigningconfig-codesigningpolicies.md
@@ -34 +34 @@ To declare this entity in your AWS CloudFormation template, use the following sy
-Code signing configuration policy for deployment validation failure. If you set the policy to `Enforce`, Lambda blocks the deployment request if signature validation checks fail. If you set the policy to `Warn`, Lambda allows the deployment and creates a CloudWatch log. 
+Code signing configuration policy for deployment validation failure. If you set the policy to `Enforce`, Lambda blocks the deployment request if signature validation checks fail. If you set the policy to `Warn`, Lambda allows the deployment and issues a new Amazon CloudWatch metric (`SignatureValidationErrors`) and also stores the warning in the CloudTrail log.