AWS Security ChangesHomeSearch

AWS AWSCloudFormation medium security documentation change

Service: AWSCloudFormation · 2025-11-07 · Security-related medium

File: AWSCloudFormation/latest/TemplateReference/aws-resource-servicecatalog-portfolioprincipalassociation.md

Summary

Made PortfolioId/PrincipalARN optional but added ARN pattern validation

Security assessment

The ARN pattern validation (arn:(aws|aws-cn|aws-us-gov):iam::[0-9]*:(role|user|group)\/.*) prevents invalid principal associations, reducing misconfiguration risks. This addresses potential authorization vulnerabilities.

Diff

diff --git a/AWSCloudFormation/latest/TemplateReference/aws-resource-servicecatalog-portfolioprincipalassociation.md b/AWSCloudFormation/latest/TemplateReference/aws-resource-servicecatalog-portfolioprincipalassociation.md
index ca8abb397..565d51b15 100644
--- a//AWSCloudFormation/latest/TemplateReference/aws-resource-servicecatalog-portfolioprincipalassociation.md
+++ b//AWSCloudFormation/latest/TemplateReference/aws-resource-servicecatalog-portfolioprincipalassociation.md
@@ -67 +67 @@ The portfolio identifier.
-_Required_ : Yes
+_Required_ : No
@@ -84 +84 @@ The ARN of the principal (IAM user, role, or group).
-_Required_ : Yes
+_Required_ : No
@@ -88,3 +88 @@ _Required_ : Yes
- _Minimum_ : `1`
-
- _Maximum_ : `1000`
+ _Pattern_ : `arn:(aws|aws-cn|aws-us-gov):iam::[0-9]*:(role|user|group)\/.*`
@@ -115,2 +112,0 @@ For more information about using the `Ref` function, see [`Ref`](https://docs.aw
-### Fn::GetAtt
-