AWS Security ChangesHomeSearch

AWS cli documentation change

Service: cli · 2025-10-13 · Documentation medium

File: cli/latest/reference/lambda/create-code-signing-config.md

Summary

Updated code signing policy documentation to include CloudWatch metric and CloudTrail logging for validation warnings

Security assessment

Enhances documentation of security monitoring capabilities but does not indicate a security fix. Improves visibility of validation issues through logging.

Diff

diff --git a/cli/latest/reference/lambda/create-code-signing-config.md b/cli/latest/reference/lambda/create-code-signing-config.md
index e9bc0de58..6a13341b0 100644
--- a//cli/latest/reference/lambda/create-code-signing-config.md
+++ b//cli/latest/reference/lambda/create-code-signing-config.md
@@ -15 +15 @@
-  * [AWS CLI 2.31.10 Command Reference](../../index.html) »
+  * [AWS CLI 2.31.13 Command Reference](../../index.html) »
@@ -149 +149 @@ JSON Syntax:
->> Code signing configuration policy for deployment validation failure. If you set the policy to `Enforce` , Lambda blocks the deployment request if signature validation checks fail. If you set the policy to `Warn` , Lambda allows the deployment and creates a CloudWatch log.
+>> Code signing configuration policy for deployment validation failure. If you set the policy to `Enforce` , Lambda blocks the deployment request if signature validation checks fail. If you set the policy to `Warn` , Lambda allows the deployment and issues a new Amazon CloudWatch metric (`SignatureValidationErrors` ) and also stores the warning in the CloudTrail log.
@@ -360 +360 @@ CodeSigningConfig -> (structure)
->>> Code signing configuration policy for deployment validation failure. If you set the policy to `Enforce` , Lambda blocks the deployment request if signature validation checks fail. If you set the policy to `Warn` , Lambda allows the deployment and creates a CloudWatch log.
+>>> Code signing configuration policy for deployment validation failure. If you set the policy to `Enforce` , Lambda blocks the deployment request if signature validation checks fail. If you set the policy to `Warn` , Lambda allows the deployment and issues a new Amazon CloudWatch metric (`SignatureValidationErrors` ) and also stores the warning in the CloudTrail log.
@@ -385 +385 @@ CodeSigningConfig -> (structure)
-  * [AWS CLI 2.31.10 Command Reference](../../index.html) »
+  * [AWS CLI 2.31.13 Command Reference](../../index.html) »