AWS Security ChangesHomeSearch

AWS AWSCloudFormation documentation change

Service: AWSCloudFormation · 2025-12-25 · Documentation low

File: AWSCloudFormation/latest/TemplateReference/aws-properties-observabilityadmin-telemetrypipelines-telemetrypipelineconfiguration.md

Summary

Expanded pipeline configuration documentation with details about required components (source/sink), optional processors, and extensions including AWS Secrets Manager integration

Security assessment

Added documentation about AWS Secrets Manager integration for credential management, which is a security feature. However, no evidence of addressing a specific security vulnerability.

Diff

diff --git a/AWSCloudFormation/latest/TemplateReference/aws-properties-observabilityadmin-telemetrypipelines-telemetrypipelineconfiguration.md b/AWSCloudFormation/latest/TemplateReference/aws-properties-observabilityadmin-telemetrypipelines-telemetrypipelineconfiguration.md
index b9e414cd7..5e3067f50 100644
--- a//AWSCloudFormation/latest/TemplateReference/aws-properties-observabilityadmin-telemetrypipelines-telemetrypipelineconfiguration.md
+++ b//AWSCloudFormation/latest/TemplateReference/aws-properties-observabilityadmin-telemetrypipelines-telemetrypipelineconfiguration.md
@@ -9 +9,16 @@ This is the new _CloudFormation Template Reference Guide_. Please update your bo
-Defines the configuration for a telemetry pipeline, including how data flows from sources through processors to destinations.
+Defines the configuration for a pipeline, including how data flows from sources through processors to destinations. The configuration is specified in YAML format and must include a valid pipeline definition with required source and sink components. This pipeline enables end-to-end telemetry data collection, transformation, and delivery while supporting optional processing steps and extensions for enhanced functionality.
+
+The primary pipeline configuration section are:
+
+  * **Source:** Defines where log data originates from (S3 buckets, CloudWatch Logs, third-party APIs). Each pipeline must have exactly one source.
+
+  * **Processors (optional):** Transform, parse, and enrich log data as it flows through the pipeline. Processors are applied sequentially in the order they are defined.
+
+  * **Sink:** Defines the destination where processed log data is sent. Each pipeline must have exactly one sink.
+
+  * **Extensions (optional):** Provide additional functionality such as AWS Secrets Manager integration for credential management.
+
+
+
+
+For more details on each configuration section see [CloudWatch pipelines User Guide](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch-pipelines.html). Additional comprehensive configuration examples can be found in the [CreateTelemetryPipeline API docs](https://docs.aws.amazon.com/cloudwatch/latest/observabilityadmin/API_CreateTelemetryPipeline.html#API_CreateTelemetryPipeline_Examples).