AWS lambda documentation change
Summary
Added specific CloudWatch metric name 'SignatureValidationErrors' to the 'Warn' code signing configuration documentation
Security assessment
The change clarifies monitoring capabilities for code signing validation warnings but does not address a specific security vulnerability. It enhances documentation of an existing security feature (code signing).
Diff
diff --git a/lambda/latest/dg/configuration-codesigning.md b/lambda/latest/dg/configuration-codesigning.md index 3d57adf95..4f211c385 100644 --- a//lambda/latest/dg/configuration-codesigning.md +++ b//lambda/latest/dg/configuration-codesigning.md @@ -36 +36 @@ When you create a code signing configuration, you can use the [UntrustedArtifact - * `Warn`: This is the default setting. Lambda allows the deployment of the code package, but issues a warning. Lambda issues a new Amazon CloudWatch metric and also stores the warning in the CloudTrail log. + * `Warn`: This is the default setting. Lambda allows the deployment of the code package, but issues a warning. Lambda issues a new Amazon CloudWatch metric (`SignatureValidationErrors`) and also stores the warning in the CloudTrail log.