AWS Security ChangesHomeSearch

AWS network-firewall documentation change

Service: network-firewall · 2026-03-16 · Documentation medium

File: network-firewall/latest/developerguide/tls-inspection-certificate-requirements.md

Summary

Clarified that AWS Certificate Manager public certificates can be used despite cross-signing limitations

Security assessment

Improves documentation about certificate validation requirements for TLS inspection security feature

Diff

diff --git a/network-firewall/latest/developerguide/tls-inspection-certificate-requirements.md b/network-firewall/latest/developerguide/tls-inspection-certificate-requirements.md
index 7d6dc5e64..1a18f6dd6 100644
--- a//network-firewall/latest/developerguide/tls-inspection-certificate-requirements.md
+++ b//network-firewall/latest/developerguide/tls-inspection-certificate-requirements.md
@@ -47 +47 @@ For server certificates for inbound inspection, Network Firewall supports the sa
-Network Firewall can't validate cross-signed root certificates, such as those issued by Let's Encrypt. Usage of cross-signed certificates can cause asynchronous failures in your firewall.
+Network Firewall can't validate cross-signed root certificates, such as those issued by Let's Encrypt. AWS Certificate Manager public certificates are cross-signed but can be used for TLS inspection. Usage of cross-signed certificates can cause asynchronous failures in your firewall.