AWS AWSCloudFormation documentation change
Summary
Added documentation for ECR signing rules, specifying how repository filters and signing profiles are used to sign images on push
Security assessment
The changes explain how image signing is enforced using signing profiles, which is a security feature. No indication of resolving a security flaw.
Diff
diff --git a/AWSCloudFormation/latest/TemplateReference/aws-properties-ecr-signingconfiguration-rule.md b/AWSCloudFormation/latest/TemplateReference/aws-properties-ecr-signingconfiguration-rule.md index 4ef264784..a312b7778 100644 --- a//AWSCloudFormation/latest/TemplateReference/aws-properties-ecr-signingconfiguration-rule.md +++ b//AWSCloudFormation/latest/TemplateReference/aws-properties-ecr-signingconfiguration-rule.md @@ -9 +9 @@ This is the new _CloudFormation Template Reference Guide_. Please update your bo -The `Rule` property type specifies Property description not available. for an [AWS::ECR::SigningConfiguration](./aws-resource-ecr-signingconfiguration.html). +A signing rule that specifies a signing profile and optional repository filters. When an image is pushed to a matching repository, a signing job is created using the specified profile. @@ -37 +37 @@ To declare this entity in your CloudFormation template, use the following syntax -Property description not available. +A list of repository filters that determine which repositories have their images signed on push. If no filters are specified, all images pushed to the registry are signed using the rule's signing profile. Maximum of 100 filters per rule. @@ -52 +52 @@ _Required_ : No -Property description not available. +The ARN of the AWS Signer signing profile to use for signing images that match this rule. For more information about signing profiles, see [Signing profiles](https://docs.aws.amazon.com/signer/latest/developerguide/signing-profiles.html) in the _AWS Signer Developer Guide_.