AWS AWSCloudFormation documentation change
Summary
Added encryption key behavior details and MPA approval team ARN immutability.
Security assessment
Documents encryption key management (AWS-owned key creation) and access control (MPA ARN enforcement), which are security features. No indication of a resolved vulnerability.
Diff
diff --git a/AWSCloudFormation/latest/TemplateReference/aws-resource-backup-logicallyairgappedbackupvault.md b/AWSCloudFormation/latest/TemplateReference/aws-resource-backup-logicallyairgappedbackupvault.md index 19e0f435d..e29ef87bc 100644 --- a//AWSCloudFormation/latest/TemplateReference/aws-resource-backup-logicallyairgappedbackupvault.md +++ b//AWSCloudFormation/latest/TemplateReference/aws-resource-backup-logicallyairgappedbackupvault.md @@ -99,0 +100,2 @@ The server-side encryption key that is used to protect your backups; for example +If this field is left blank, AWS Backup will create an AWS owned key to be used to encrypt the content of the logically air-gapped vault. The ARN of this created key will be available as `Fn::GetAtt` output. + @@ -133 +135 @@ _Required_ : Yes -Property description not available. +The Amazon Resource Name (ARN) of the MPA approval team to associate with the backup vault. This cannot be changed after it is set from the CloudFormation template.