AWS AWSCloudFormation medium security documentation change
Summary
Modified KeyARN pattern to remove alias support (only keys allowed now)
Security assessment
Restricting encryption configuration to key ARNs (disallowing aliases) improves security by enforcing explicit key usage. This addresses potential misconfiguration risks.
Diff
diff --git a/AWSCloudFormation/latest/TemplateReference/aws-properties-kinesisfirehose-deliverystream-kmsencryptionconfig.md b/AWSCloudFormation/latest/TemplateReference/aws-properties-kinesisfirehose-deliverystream-kmsencryptionconfig.md index a3e2afed6..e2da5a33e 100644 --- a//AWSCloudFormation/latest/TemplateReference/aws-properties-kinesisfirehose-deliverystream-kmsencryptionconfig.md +++ b//AWSCloudFormation/latest/TemplateReference/aws-properties-kinesisfirehose-deliverystream-kmsencryptionconfig.md @@ -40 +40 @@ _Required_ : Yes - _Pattern_ : `arn:.*:kms:[a-zA-Z0-9\-]+:\d{12}:(key|alias)/[a-zA-Z_0-9+=,.@\-_/]+` + _Pattern_ : `arn:.*:kms:[a-zA-Z0-9\-]+:\d{12}:key/[a-zA-Z_0-9+=,.@\-_/]+`