AWS cli documentation change
Summary
Updated AWS CLI version reference from 2.32.21 to 2.32.23. Added extensive list of new AWS resource types supported by ConfigService. Modified Security Hub reference to specify 'Security Hub CSPM' in IAM permissions note.
Security assessment
The change adds documentation for security-related resource types (e.g., GuardDuty::MalwareProtectionPlan, SecretsManager::ResourcePolicy, Route53::DNSSEC) and clarifies Security Hub CSPM integration. However, there's no evidence of addressing a specific vulnerability - this is routine documentation expansion for new services and features.
Diff
diff --git a/cli/latest/reference/configservice/disassociate-resource-types.md b/cli/latest/reference/configservice/disassociate-resource-types.md index e414beaa8..435ffcf40 100644 --- a//cli/latest/reference/configservice/disassociate-resource-types.md +++ b//cli/latest/reference/configservice/disassociate-resource-types.md @@ -15 +15 @@ - * [AWS CLI 2.32.21 Command Reference](../../index.html) » + * [AWS CLI 2.32.23 Command Reference](../../index.html) » @@ -555,0 +556,91 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/config +>> * `AWS::CloudFormation::StackSet` +>> * `AWS::MediaPackageV2::Channel` +>> * `AWS::S3::AccessGrantsLocation` +>> * `AWS::S3::AccessGrant` +>> * `AWS::S3::AccessGrantsInstance` +>> * `AWS::EMRServerless::Application` +>> * `AWS::Config::AggregationAuthorization` +>> * `AWS::Bedrock::ApplicationInferenceProfile` +>> * `AWS::ApiGatewayV2::Integration` +>> * `AWS::SageMaker::MlflowTrackingServer` +>> * `AWS::SageMaker::ModelBiasJobDefinition` +>> * `AWS::SecretsManager::RotationSchedule` +>> * `AWS::Deadline::QueueFleetAssociation` +>> * `AWS::ECR::RepositoryCreationTemplate` +>> * `AWS::CloudFormation::LambdaHook` +>> * `AWS::EC2::SubnetNetworkAclAssociation` +>> * `AWS::ApiGateway::UsagePlan` +>> * `AWS::AppConfig::Extension` +>> * `AWS::Deadline::Fleet` +>> * `AWS::EMR::Studio` +>> * `AWS::S3Tables::TableBucket` +>> * `AWS::CloudFront::RealtimeLogConfig` +>> * `AWS::BackupGateway::Hypervisor` +>> * `AWS::BCMDataExports::Export` +>> * `AWS::CloudFormation::GuardHook` +>> * `AWS::CloudFront::PublicKey` +>> * `AWS::CloudTrail::EventDataStore` +>> * `AWS::EntityResolution::IdMappingWorkflow` +>> * `AWS::EntityResolution::SchemaMapping` +>> * `AWS::IoT::DomainConfiguration` +>> * `AWS::PCAConnectorAD::DirectoryRegistration` +>> * `AWS::RDS::Integration` +>> * `AWS::Config::ConformancePack` +>> * `AWS::RolesAnywhere::Profile` +>> * `AWS::CodeArtifact::Domain` +>> * `AWS::Backup::RestoreTestingPlan` +>> * `AWS::Config::StoredQuery` +>> * `AWS::SageMaker::DataQualityJobDefinition` +>> * `AWS::SageMaker::ModelExplainabilityJobDefinition` +>> * `AWS::SageMaker::ModelQualityJobDefinition` +>> * `AWS::SageMaker::StudioLifecycleConfig` +>> * `AWS::SES::DedicatedIpPool` +>> * `AWS::SES::MailManagerTrafficPolicy` +>> * `AWS::SSM::ResourceDataSync` +>> * `AWS::BedrockAgentCore::Runtime` +>> * `AWS::BedrockAgentCore::BrowserCustom` +>> * `AWS::ElasticLoadBalancingV2::TargetGroup` +>> * `AWS::EMRContainers::VirtualCluster` +>> * `AWS::EntityResolution::MatchingWorkflow` +>> * `AWS::IoTCoreDeviceAdvisor::SuiteDefinition` +>> * `AWS::EC2::SecurityGroupVpcAssociation` +>> * `AWS::EC2::VerifiedAccessInstance` +>> * `AWS::KafkaConnect::CustomPlugin` +>> * `AWS::NetworkManager::TransitGatewayPeering` +>> * `AWS::OpenSearchServerless::SecurityConfig` +>> * `AWS::Redshift::Integration` +>> * `AWS::RolesAnywhere::TrustAnchor` +>> * `AWS::Route53Profiles::ProfileAssociation` +>> * `AWS::SSMIncidents::ResponsePlan` +>> * `AWS::Transfer::Server` +>> * `AWS::Glue::Database` +>> * `AWS::Organizations::OrganizationalUnit` +>> * `AWS::EC2::IPAMPoolCidr` +>> * `AWS::EC2::VPCGatewayAttachment` +>> * `AWS::Bedrock::Prompt` +>> * `AWS::Comprehend::Flywheel` +>> * `AWS::DataSync::Agent` +>> * `AWS::MediaTailor::LiveSource` +>> * `AWS::MSK::ServerlessCluster` +>> * `AWS::IoTSiteWise::Asset` +>> * `AWS::B2BI::Capability` +>> * `AWS::CloudFront::KeyValueStore` +>> * `AWS::Deadline::Monitor` +>> * `AWS::GuardDuty::MalwareProtectionPlan` +>> * `AWS::Location::APIKey` +>> * `AWS::MediaPackageV2::OriginEndpoint` +>> * `AWS::PCAConnectorAD::Connector` +>> * `AWS::S3Tables::TableBucketPolicy` +>> * `AWS::SecretsManager::ResourcePolicy` +>> * `AWS::SSMContacts::Contact` +>> * `AWS::IoT::ThingGroup` +>> * `AWS::ImageBuilder::LifecyclePolicy` +>> * `AWS::GameLift::Build` +>> * `AWS::ECR::ReplicationConfiguration` +>> * `AWS::EC2::SubnetCidrBlock` +>> * `AWS::Connect::SecurityProfile` +>> * `AWS::CleanRoomsML::TrainingDataset` +>> * `AWS::AppStream::AppBlockBuilder` +>> * `AWS::Route53::DNSSEC` +>> * `AWS::SageMaker::UserProfile` +>> * `AWS::ApiGateway::Method` @@ -720 +811 @@ ConfigurationRecorder -> (structure) ->> If you use an Amazon Web Services service that uses Config, such as Security Hub or Control Tower, and an IAM role has already been created, make sure that the IAM role that you use when setting up Config keeps the same minimum permissions as the pre-existing IAM role. You must do this to ensure that the other Amazon Web Services service continues to run as expected. +>> If you use an Amazon Web Services service that uses Config, such as Security Hub CSPM or Control Tower, and an IAM role has already been created, make sure that the IAM role that you use when setting up Config keeps the same minimum permissions as the pre-existing IAM role. You must do this to ensure that the other Amazon Web Services service continues to run as expected. @@ -1264,0 +1356,91 @@ ConfigurationRecorder -> (structure) +>>>> * `AWS::CloudFormation::StackSet` +>>>> * `AWS::MediaPackageV2::Channel` +>>>> * `AWS::S3::AccessGrantsLocation` +>>>> * `AWS::S3::AccessGrant` +>>>> * `AWS::S3::AccessGrantsInstance` +>>>> * `AWS::EMRServerless::Application` +>>>> * `AWS::Config::AggregationAuthorization` +>>>> * `AWS::Bedrock::ApplicationInferenceProfile` +>>>> * `AWS::ApiGatewayV2::Integration` +>>>> * `AWS::SageMaker::MlflowTrackingServer` +>>>> * `AWS::SageMaker::ModelBiasJobDefinition` +>>>> * `AWS::SecretsManager::RotationSchedule` +>>>> * `AWS::Deadline::QueueFleetAssociation` +>>>> * `AWS::ECR::RepositoryCreationTemplate` +>>>> * `AWS::CloudFormation::LambdaHook` +>>>> * `AWS::EC2::SubnetNetworkAclAssociation` +>>>> * `AWS::ApiGateway::UsagePlan` +>>>> * `AWS::AppConfig::Extension` +>>>> * `AWS::Deadline::Fleet` +>>>> * `AWS::EMR::Studio` +>>>> * `AWS::S3Tables::TableBucket` +>>>> * `AWS::CloudFront::RealtimeLogConfig` +>>>> * `AWS::BackupGateway::Hypervisor` +>>>> * `AWS::BCMDataExports::Export` +>>>> * `AWS::CloudFormation::GuardHook` +>>>> * `AWS::CloudFront::PublicKey` +>>>> * `AWS::CloudTrail::EventDataStore` +>>>> * `AWS::EntityResolution::IdMappingWorkflow` +>>>> * `AWS::EntityResolution::SchemaMapping` +>>>> * `AWS::IoT::DomainConfiguration` +>>>> * `AWS::PCAConnectorAD::DirectoryRegistration` +>>>> * `AWS::RDS::Integration` +>>>> * `AWS::Config::ConformancePack` +>>>> * `AWS::RolesAnywhere::Profile` +>>>> * `AWS::CodeArtifact::Domain` +>>>> * `AWS::Backup::RestoreTestingPlan` +>>>> * `AWS::Config::StoredQuery` +>>>> * `AWS::SageMaker::DataQualityJobDefinition` +>>>> * `AWS::SageMaker::ModelExplainabilityJobDefinition` +>>>> * `AWS::SageMaker::ModelQualityJobDefinition` +>>>> * `AWS::SageMaker::StudioLifecycleConfig` +>>>> * `AWS::SES::DedicatedIpPool` +>>>> * `AWS::SES::MailManagerTrafficPolicy` +>>>> * `AWS::SSM::ResourceDataSync` +>>>> * `AWS::BedrockAgentCore::Runtime` +>>>> * `AWS::BedrockAgentCore::BrowserCustom` +>>>> * `AWS::ElasticLoadBalancingV2::TargetGroup` +>>>> * `AWS::EMRContainers::VirtualCluster` +>>>> * `AWS::EntityResolution::MatchingWorkflow` +>>>> * `AWS::IoTCoreDeviceAdvisor::SuiteDefinition` +>>>> * `AWS::EC2::SecurityGroupVpcAssociation` +>>>> * `AWS::EC2::VerifiedAccessInstance` +>>>> * `AWS::KafkaConnect::CustomPlugin` +>>>> * `AWS::NetworkManager::TransitGatewayPeering` +>>>> * `AWS::OpenSearchServerless::SecurityConfig` +>>>> * `AWS::Redshift::Integration` +>>>> * `AWS::RolesAnywhere::TrustAnchor` +>>>> * `AWS::Route53Profiles::ProfileAssociation` +>>>> * `AWS::SSMIncidents::ResponsePlan` +>>>> * `AWS::Transfer::Server` +>>>> * `AWS::Glue::Database` +>>>> * `AWS::Organizations::OrganizationalUnit` +>>>> * `AWS::EC2::IPAMPoolCidr` +>>>> * `AWS::EC2::VPCGatewayAttachment` +>>>> * `AWS::Bedrock::Prompt` +>>>> * `AWS::Comprehend::Flywheel` +>>>> * `AWS::DataSync::Agent` +>>>> * `AWS::MediaTailor::LiveSource` +>>>> * `AWS::MSK::ServerlessCluster` +>>>> * `AWS::IoTSiteWise::Asset` +>>>> * `AWS::B2BI::Capability` +>>>> * `AWS::CloudFront::KeyValueStore` +>>>> * `AWS::Deadline::Monitor` +>>>> * `AWS::GuardDuty::MalwareProtectionPlan` +>>>> * `AWS::Location::APIKey` +>>>> * `AWS::MediaPackageV2::OriginEndpoint` +>>>> * `AWS::PCAConnectorAD::Connector` +>>>> * `AWS::S3Tables::TableBucketPolicy` +>>>> * `AWS::SecretsManager::ResourcePolicy` +>>>> * `AWS::SSMContacts::Contact` +>>>> * `AWS::IoT::ThingGroup` +>>>> * `AWS::ImageBuilder::LifecyclePolicy` +>>>> * `AWS::GameLift::Build` +>>>> * `AWS::ECR::ReplicationConfiguration` +>>>> * `AWS::EC2::SubnetCidrBlock` +>>>> * `AWS::Connect::SecurityProfile` +>>>> * `AWS::CleanRoomsML::TrainingDataset` +>>>> * `AWS::AppStream::AppBlockBuilder` +>>>> * `AWS::Route53::DNSSEC` +>>>> * `AWS::SageMaker::UserProfile` +>>>> * `AWS::ApiGateway::Method` @@ -1727,0 +1910,91 @@ ConfigurationRecorder -> (structure) +>>>>> * `AWS::CloudFormation::StackSet` +>>>>> * `AWS::MediaPackageV2::Channel` +>>>>> * `AWS::S3::AccessGrantsLocation` +>>>>> * `AWS::S3::AccessGrant` +>>>>> * `AWS::S3::AccessGrantsInstance`