AWS Security ChangesHomeSearch

AWS AWSCloudFormation medium security documentation change

Service: AWSCloudFormation · 2026-02-25 · Security-related medium

File: AWSCloudFormation/latest/TemplateReference/aws-resource-ec2-vpcpeeringconnection.md

Summary

Updated 'PeerRegion' description to specify STS usage for assuming PeerRoleArn and changed requirement to 'Conditional'.

Security assessment

Explicitly references Security Token Service (STS) for role assumption, which is a security feature. The conditional requirement change ensures proper security configuration when cross-account roles are used, preventing misconfiguration risks.

Diff

diff --git a/AWSCloudFormation/latest/TemplateReference/aws-resource-ec2-vpcpeeringconnection.md b/AWSCloudFormation/latest/TemplateReference/aws-resource-ec2-vpcpeeringconnection.md
index 8cc00a46e..70cf9b37e 100644
--- a//AWSCloudFormation/latest/TemplateReference/aws-resource-ec2-vpcpeeringconnection.md
+++ b//AWSCloudFormation/latest/TemplateReference/aws-resource-ec2-vpcpeeringconnection.md
@@ -58 +58 @@ To declare this entity in your CloudFormation template, use the following syntax
-Describes a Region.
+The Region code to use when calling Security Token Service (STS) to assume the PeerRoleArn, if provided.
@@ -60 +60 @@ Describes a Region.
-_Required_ : No
+_Required_ : Conditional