AWS Security ChangesHomeSearch

AWS AWSCloudFormation documentation change

Service: AWSCloudFormation · 2025-12-07 · Documentation low

File: AWSCloudFormation/latest/TemplateReference/aws-resource-backup-logicallyairgappedbackupvault.md

Summary

Added encryption key behavior details and MPA approval team ARN immutability.

Security assessment

Documents encryption key management (AWS-owned key creation) and access control (MPA ARN enforcement), which are security features. No indication of a resolved vulnerability.

Diff

diff --git a/AWSCloudFormation/latest/TemplateReference/aws-resource-backup-logicallyairgappedbackupvault.md b/AWSCloudFormation/latest/TemplateReference/aws-resource-backup-logicallyairgappedbackupvault.md
index 19e0f435d..e29ef87bc 100644
--- a//AWSCloudFormation/latest/TemplateReference/aws-resource-backup-logicallyairgappedbackupvault.md
+++ b//AWSCloudFormation/latest/TemplateReference/aws-resource-backup-logicallyairgappedbackupvault.md
@@ -99,0 +100,2 @@ The server-side encryption key that is used to protect your backups; for example
+If this field is left blank, AWS Backup will create an AWS owned key to be used to encrypt the content of the logically air-gapped vault. The ARN of this created key will be available as `Fn::GetAtt` output.
+
@@ -133 +135 @@ _Required_ : Yes
-Property description not available.
+The Amazon Resource Name (ARN) of the MPA approval team to associate with the backup vault. This cannot be changed after it is set from the CloudFormation template.