AWS AWSCloudFormation high security documentation change
Summary
Added ARN pattern validation for RoleArn property: 'arn:(aws|aws-cn|aws-us-gov):iam::[0-9]*:(role)\/.*'
Security assessment
ARN pattern enforcement prevents misconfiguration of IAM roles. This mitigates risks of privilege escalation by ensuring only valid role ARNs are accepted, directly addressing security best practices for IAM.
Diff
diff --git a/AWSCloudFormation/latest/TemplateReference/aws-resource-servicecatalog-launchroleconstraint.md b/AWSCloudFormation/latest/TemplateReference/aws-resource-servicecatalog-launchroleconstraint.md index c9a66d2a4..c1d037336 100644 --- a//AWSCloudFormation/latest/TemplateReference/aws-resource-servicecatalog-launchroleconstraint.md +++ b//AWSCloudFormation/latest/TemplateReference/aws-resource-servicecatalog-launchroleconstraint.md @@ -138,0 +139,2 @@ _Required_ : No + _Pattern_ : `arn:(aws|aws-cn|aws-us-gov):iam::[0-9]*:(role)\/.*` +