AWS AWSCloudFormation medium security documentation change
Summary
Made PortfolioId/PrincipalARN optional but added ARN pattern validation
Security assessment
The ARN pattern validation (arn:(aws|aws-cn|aws-us-gov):iam::[0-9]*:(role|user|group)\/.*) prevents invalid principal associations, reducing misconfiguration risks. This addresses potential authorization vulnerabilities.
Diff
diff --git a/AWSCloudFormation/latest/TemplateReference/aws-resource-servicecatalog-portfolioprincipalassociation.md b/AWSCloudFormation/latest/TemplateReference/aws-resource-servicecatalog-portfolioprincipalassociation.md index ca8abb397..565d51b15 100644 --- a//AWSCloudFormation/latest/TemplateReference/aws-resource-servicecatalog-portfolioprincipalassociation.md +++ b//AWSCloudFormation/latest/TemplateReference/aws-resource-servicecatalog-portfolioprincipalassociation.md @@ -67 +67 @@ The portfolio identifier. -_Required_ : Yes +_Required_ : No @@ -84 +84 @@ The ARN of the principal (IAM user, role, or group). -_Required_ : Yes +_Required_ : No @@ -88,3 +88 @@ _Required_ : Yes - _Minimum_ : `1` - - _Maximum_ : `1000` + _Pattern_ : `arn:(aws|aws-cn|aws-us-gov):iam::[0-9]*:(role|user|group)\/.*` @@ -115,2 +112,0 @@ For more information about using the `Ref` function, see [`Ref`](https://docs.aw -### Fn::GetAtt -