AWS Security ChangesHomeSearch

AWS AWSCloudFormation high security documentation change

Service: AWSCloudFormation · 2026-02-25 · Security-related high

File: AWSCloudFormation/latest/TemplateReference/aws-resource-servicecatalog-launchroleconstraint.md

Summary

Added ARN pattern validation for RoleArn property: 'arn:(aws|aws-cn|aws-us-gov):iam::[0-9]*:(role)\/.*'

Security assessment

ARN pattern enforcement prevents misconfiguration of IAM roles. This mitigates risks of privilege escalation by ensuring only valid role ARNs are accepted, directly addressing security best practices for IAM.

Diff

diff --git a/AWSCloudFormation/latest/TemplateReference/aws-resource-servicecatalog-launchroleconstraint.md b/AWSCloudFormation/latest/TemplateReference/aws-resource-servicecatalog-launchroleconstraint.md
index c9a66d2a4..c1d037336 100644
--- a//AWSCloudFormation/latest/TemplateReference/aws-resource-servicecatalog-launchroleconstraint.md
+++ b//AWSCloudFormation/latest/TemplateReference/aws-resource-servicecatalog-launchroleconstraint.md
@@ -138,0 +139,2 @@ _Required_ : No
+ _Pattern_ : `arn:(aws|aws-cn|aws-us-gov):iam::[0-9]*:(role)\/.*`
+