AWS Security ChangesHomeSearch

AWS AmazonCloudFront documentation change

Service: AmazonCloudFront · 2026-02-19 · Documentation low

File: AmazonCloudFront/latest/DeveloperGuide/trust-stores-certificate-management.md

Summary

Added RSA 3072 as an accepted key size for CA certificates in CloudFront trust stores

Security assessment

The change expands supported cryptographic algorithms but shows no evidence of addressing a specific vulnerability. RSA 3072 provides stronger security than 2048-bit keys, enhancing encryption strength for certificate management.

Diff

diff --git a/AmazonCloudFront/latest/DeveloperGuide/trust-stores-certificate-management.md b/AmazonCloudFront/latest/DeveloperGuide/trust-stores-certificate-management.md
index 02c9f999e..f941901e1 100644
--- a//AmazonCloudFront/latest/DeveloperGuide/trust-stores-certificate-management.md
+++ b//AmazonCloudFront/latest/DeveloperGuide/trust-stores-certificate-management.md
@@ -53 +53 @@ Trust stores have specific requirements for the CA certificates they contain:
-    * RSA 2048, RSA 4096
+    * RSA 2048, RSA 3072, RSA 4096