AWS Security ChangesHomeSearch

AWS AWSCloudFormation medium security documentation change

Service: AWSCloudFormation · 2026-02-10 · Security-related medium

File: AWSCloudFormation/latest/TemplateReference/aws-properties-mediaconnect-flowsource-encryption.md

Summary

Added ARN pattern validation for RoleArn and SecretArn properties

Security assessment

Added strict regex patterns for IAM role and Secrets Manager ARNs. This prevents misconfiguration by enforcing correct ARN formats, reducing risks of privilege escalation or secret exposure due to invalid ARNs.

Diff

diff --git a/AWSCloudFormation/latest/TemplateReference/aws-properties-mediaconnect-flowsource-encryption.md b/AWSCloudFormation/latest/TemplateReference/aws-properties-mediaconnect-flowsource-encryption.md
index 3848b1e54..5bdbab4ab 100644
--- a//AWSCloudFormation/latest/TemplateReference/aws-properties-mediaconnect-flowsource-encryption.md
+++ b//AWSCloudFormation/latest/TemplateReference/aws-properties-mediaconnect-flowsource-encryption.md
@@ -125,0 +126,2 @@ _Required_ : Yes
+ _Pattern_ : `^arn:(aws[a-zA-Z-]*):iam::[0-9]{12}:role/[a-zA-Z0-9_+=,.@-]+$`
+
@@ -136,0 +139,2 @@ _Required_ : No
+ _Pattern_ : `^arn:(aws[a-zA-Z-]*):secretsmanager:[a-z0-9-]+:[0-9]{12}:secret:[a-zA-Z0-9/_+=.@-]+$`
+