AWS AWSCloudFormation documentation change
Summary
Updated IAM role ARN pattern validation regex
Security assessment
Stricter ARN pattern enforcement for Lake Formation roles, but no direct security issue is cited.
Diff
diff --git a/AWSCloudFormation/latest/TemplateReference/aws-properties-datazone-environmentblueprintconfiguration-lakeformationconfiguration.md b/AWSCloudFormation/latest/TemplateReference/aws-properties-datazone-environmentblueprintconfiguration-lakeformationconfiguration.md index edce249ed..094208b2f 100644 --- a//AWSCloudFormation/latest/TemplateReference/aws-properties-datazone-environmentblueprintconfiguration-lakeformationconfiguration.md +++ b//AWSCloudFormation/latest/TemplateReference/aws-properties-datazone-environmentblueprintconfiguration-lakeformationconfiguration.md @@ -58 +58 @@ _Required_ : No - _Pattern_ : `^arn:aws[^:]*:iam::\d{12}:(role|role/service-role)/[\w+=,.@-]*$` + _Pattern_ : `^arn:aws[^:]*:iam::\d{12}:role(/[a-zA-Z0-9+=,.@_-]+)*/[a-zA-Z0-9+=,.@_-]+$`