AWS Security ChangesHomeSearch

AWS AWSCloudFormation medium security documentation change

Service: AWSCloudFormation · 2025-11-25 · Security-related medium

File: AWSCloudFormation/latest/TemplateReference/aws-properties-glue-securityconfiguration-cloudwatchencryption.md

Summary

Updated KMS key ARN pattern validation to require strict 'arn:aws:kms:' format

Security assessment

Ensures valid encryption configuration for CloudWatch logs, mitigating risks of unencrypted log data.

Diff

diff --git a/AWSCloudFormation/latest/TemplateReference/aws-properties-glue-securityconfiguration-cloudwatchencryption.md b/AWSCloudFormation/latest/TemplateReference/aws-properties-glue-securityconfiguration-cloudwatchencryption.md
index 941505cfa..dffad6c4a 100644
--- a//AWSCloudFormation/latest/TemplateReference/aws-properties-glue-securityconfiguration-cloudwatchencryption.md
+++ b//AWSCloudFormation/latest/TemplateReference/aws-properties-glue-securityconfiguration-cloudwatchencryption.md
@@ -55 +55 @@ _Required_ : No
- _Pattern_ : `^$|arn:aws[a-z0-9-]*:kms:.*`
+ _Pattern_ : `arn:aws:kms:.*`