AWS Security ChangesHomeSearch

AWS AWSCloudFormation documentation change

Service: AWSCloudFormation · 2025-11-19 · Documentation low

File: AWSCloudFormation/latest/UserGuide/stacksets-prereqs-self-managed.md

Summary

Updated service name from 'AWS CloudFormation StackSets' to 'CloudFormation StackSets' in security context

Security assessment

Terminology refinement in existing security guidance about confused deputy prevention. No new security content added

Diff

diff --git a/AWSCloudFormation/latest/UserGuide/stacksets-prereqs-self-managed.md b/AWSCloudFormation/latest/UserGuide/stacksets-prereqs-self-managed.md
index bf37cfac5..d213da818 100644
--- a//AWSCloudFormation/latest/UserGuide/stacksets-prereqs-self-managed.md
+++ b//AWSCloudFormation/latest/UserGuide/stacksets-prereqs-self-managed.md
@@ -531 +531 @@ The confused deputy problem is a security issue where an entity that doesn't hav
-We recommend using the [aws:SourceArn](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-sourcearn) and [aws:SourceAccount](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-sourceaccount) global condition context keys in resource policies to limit the permissions that AWS CloudFormation StackSets gives another service to the resource. If you use both global condition context keys, the `aws:SourceAccount` value and the account in the `aws:SourceArn` value must use the same account ID when used in the same policy statement.
+We recommend using the [aws:SourceArn](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-sourcearn) and [aws:SourceAccount](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-sourceaccount) global condition context keys in resource policies to limit the permissions that CloudFormation StackSets gives another service to the resource. If you use both global condition context keys, the `aws:SourceAccount` value and the account in the `aws:SourceArn` value must use the same account ID when used in the same policy statement.