AWS cdk documentation change
Summary
Updated references from 'AWS CloudFormation' to 'CloudFormation' and maintained security warning about sensitive values in templates
Security assessment
The changes are primarily terminology updates. The existing security warning about sensitive values in CloudFormation templates was preserved but not modified in substance. No new security documentation was added, and there is no evidence of addressing a specific security vulnerability.
Diff
diff --git a/cdk/v1/guide/get-ssm-value.md b/cdk/v1/guide/get-ssm-value.md index 6dca63976..1f7290c55 100644 --- a//cdk/v1/guide/get-ssm-value.md +++ b//cdk/v1/guide/get-ssm-value.md @@ -9 +9 @@ This is the AWS CDK v1 Developer Guide. The older CDK v1 entered maintenance on -The AWS CDK can retrieve the value of AWS Systems Manager Parameter Store attributes. During synthesis, the AWS CDK produces a [token](./tokens.html) that is resolved by AWS CloudFormation during deployment. +The AWS CDK can retrieve the value of AWS Systems Manager Parameter Store attributes. During synthesis, the AWS CDK produces a [token](./tokens.html) that is resolved by CloudFormation during deployment. @@ -19 +19 @@ This topic shows how to read attributes from the AWS Systems Manager Parameter S -To read values from the Systems Manager Parameter Store, use the [valueForStringParameter](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ssm.StringParameter.html#static-valuewbrforwbrstringwbrparameterscope-parametername-version) and [valueForSecureStringParameter](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ssm.StringParameter.html#static-valuewbrforwbrsecurewbrstringwbrparameterscope-parametername-version) methods, depending on whether the attribute you want is a plain string or a secure string value. These methods return [tokens](./tokens.html), not the actual value. The value is resolved by AWS CloudFormation during deployment. +To read values from the Systems Manager Parameter Store, use the [valueForStringParameter](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ssm.StringParameter.html#static-valuewbrforwbrstringwbrparameterscope-parametername-version) and [valueForSecureStringParameter](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ssm.StringParameter.html#static-valuewbrforwbrsecurewbrstringwbrparameterscope-parametername-version) methods, depending on whether the attribute you want is a plain string or a secure string value. These methods return [tokens](./tokens.html), not the actual value. The value is resolved by CloudFormation during deployment. @@ -105 +105 @@ C# -It is sometimes useful to "bake in" a parameter at synthesis time, so that the resulting AWS CloudFormation template always uses the same value, rather than resolving the value during deployment. +It is sometimes useful to "bake in" a parameter at synthesis time, so that the resulting CloudFormation template always uses the same value, rather than resolving the value during deployment. @@ -113 +113 @@ Only plain Systems Manager strings may be retrieved, not secure strings. It is n -The retrieved value will end up in your synthesized AWS CloudFormation template, which may be a security risk depending on who has access to your AWS CloudFormation templates and what kind of value it is. Generally, don't use this feature for passwords, keys, or other values you want to keep private. +The retrieved value will end up in your synthesized CloudFormation template, which may be a security risk depending on who has access to your CloudFormation templates and what kind of value it is. Generally, don't use this feature for passwords, keys, or other values you want to keep private.