AWS AWSCloudFormation medium security documentation change
Summary
Added ARN pattern validation for RoleArn and SecretArn properties
Security assessment
Added strict regex patterns for IAM role and Secrets Manager ARNs. This prevents misconfiguration by enforcing correct ARN formats, reducing risks of privilege escalation or secret exposure due to invalid ARNs.
Diff
diff --git a/AWSCloudFormation/latest/TemplateReference/aws-properties-mediaconnect-flowsource-encryption.md b/AWSCloudFormation/latest/TemplateReference/aws-properties-mediaconnect-flowsource-encryption.md index 3848b1e54..5bdbab4ab 100644 --- a//AWSCloudFormation/latest/TemplateReference/aws-properties-mediaconnect-flowsource-encryption.md +++ b//AWSCloudFormation/latest/TemplateReference/aws-properties-mediaconnect-flowsource-encryption.md @@ -125,0 +126,2 @@ _Required_ : Yes + _Pattern_ : `^arn:(aws[a-zA-Z-]*):iam::[0-9]{12}:role/[a-zA-Z0-9_+=,.@-]+$` + @@ -136,0 +139,2 @@ _Required_ : No + _Pattern_ : `^arn:(aws[a-zA-Z-]*):secretsmanager:[a-z0-9-]+:[0-9]{12}:secret:[a-zA-Z0-9/_+=.@-]+$` +