AWS Security ChangesHomeSearch

AWS config documentation change

Service: config · 2026-01-13 · Documentation low

File: config/latest/developerguide/lambda-inside-vpc.md

Summary

Expanded excluded regions list and changed 'subnetIds' parameter type from String to CSV with stricter requirement wording

Security assessment

Parameter type change and wording update ('can' to 'must') clarifies configuration but doesn't introduce new security controls or address vulnerabilities.

Diff

diff --git a/config/latest/developerguide/lambda-inside-vpc.md b/config/latest/developerguide/lambda-inside-vpc.md
index b73dc300c..84955d423 100644
--- a//config/latest/developerguide/lambda-inside-vpc.md
+++ b//config/latest/developerguide/lambda-inside-vpc.md
@@ -17 +17 @@ Checks if a Lambda function is allowed access to a virtual private cloud (VPC).
-**AWS Region:** All supported AWS regions except China (Ningxia) Region
+**AWS Region:** All supported AWS regions except China (Beijing), Asia Pacific (Thailand), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), China (Ningxia) Region
@@ -22 +22 @@ subnetIds (Optional)
-Type: String
+Type: CSV
@@ -25 +25 @@ Type: String
-Comma-separated list of Subnet IDs that Lambda functions can be associated with.
+Comma-separated list of subnet IDs that Lambda functions must be associated with.