AWS Security ChangesHomeSearch

AWS AmazonCloudFront medium security documentation change

Service: AmazonCloudFront · 2025-11-19 · Security-related medium

File: AmazonCloudFront/latest/DeveloperGuide/WhatsNew.md

Summary

Added entries about updated AWS managed policies (CloudFrontFullAccess and CloudFrontReadOnlyAccess) with new permissions for AWS WAF Web ACL and AWS Pricing Plan Manager, and introduced flat-rate pricing plans documentation.

Security assessment

The updates to IAM policies (CloudFrontFullAccess and CloudFrontReadOnlyAccess) explicitly expand permissions for security-related AWS WAF Web ACL resources. This directly impacts security posture by defining access controls, though there is no evidence of addressing a specific vulnerability.

Diff

diff --git a/AmazonCloudFront/latest/DeveloperGuide/WhatsNew.md b/AmazonCloudFront/latest/DeveloperGuide/WhatsNew.md
index a9a5a97e6..c76a04738 100644
--- a//AmazonCloudFront/latest/DeveloperGuide/WhatsNew.md
+++ b//AmazonCloudFront/latest/DeveloperGuide/WhatsNew.md
@@ -10,0 +11,3 @@ Change| Description| Date
+[Updated AWS managed policy](./security-iam-awsmanpol.html)| Updated `CloudFrontFullAccess` to allow permission to create an AWS WAF Web ACL resource and create, update, delete, and read access to AWS Pricing Plan Manager.| November 18, 2025  
+[Updated AWS managed policy](./security-iam-awsmanpol.html)| Updated `CloudFrontReadOnlyAccess` to allow read-only permission to AWS Pricing Plan Manager. | November 18, 2025  
+[CloudFront supports flat-rate pricing plans](./flat-rate-pricing-plan.html)| You can now subscribe your distributions to a CloudFront flat-rate pricing plan.| November 18, 2025  
@@ -54 +57 @@ CloudFront public endpoints now support IPv6| See [Amazon CloudFront endpoints a
-[AWS managed policy update](./security-iam-awsmanpol.html)| The `CloudFrontReadOnlyAccess` and `CloudFrontFullAccess` IAM policies now support `KeyValueStore` operations.| December 19, 2023  
+[AWS managed policy](./security-iam-awsmanpol.html)| The `CloudFrontReadOnlyAccess` and `CloudFrontFullAccess` IAM policies now support `KeyValueStore` operations.| December 19, 2023  
@@ -79 +82 @@ CloudFront public endpoints now support IPv6| See [Amazon CloudFront endpoints a
-[Additional metrics for CloudFront distributions](./viewing-cloudfront-metrics.html#monitoring-console.distributions-additional)| Support for `MonitoringSubscription` in the CloudFront API and AWS CloudFormation.| October 3, 2022  
+[Additional metrics for CloudFront distributions](./viewing-cloudfront-metrics.html#monitoring-console.distributions-additional)| Support for `MonitoringSubscription` in the CloudFront API and CloudFormation.| October 3, 2022  
@@ -111 +114 @@ New settings to control origin timeouts and attempts| CloudFront added new setti
-New documentation for getting started with CloudFront by creating a secure static website| Get started with CloudFront by creating a secure static website using Amazon S3, CloudFront, Lambda@Edge, and more, all deployed with AWS CloudFormation. For more information, see [Getting started with a secure static website](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/getting-started-secure-static-website-cloudformation-template.html).| June 2, 2020  
+New documentation for getting started with CloudFront by creating a secure static website| Get started with CloudFront by creating a secure static website using Amazon S3, CloudFront, Lambda@Edge, and more, all deployed with CloudFormation. For more information, see [Getting started with a secure static website](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/getting-started-secure-static-website-cloudformation-template.html).| June 2, 2020