AWS Security ChangesHomeSearch

AWS AWSCloudFormation documentation change

Service: AWSCloudFormation · 2026-03-22 · Documentation low

File: AWSCloudFormation/latest/TemplateReference/aws-resource-logs-loggroup.md

Summary

Added documentation for the new 'BearerTokenAuthenticationEnabled' property for CloudWatch Logs log groups, which controls whether bearer token authentication is allowed for operations on the log group.

Security assessment

This change documents a new security feature (bearer token authentication) for CloudWatch Logs log groups. It adds a property that allows enabling/disabling this authentication method. There is no evidence in the diff that this change addresses a specific security vulnerability or incident; it appears to be documenting a new security capability.

Diff

diff --git a/AWSCloudFormation/latest/TemplateReference/aws-resource-logs-loggroup.md b/AWSCloudFormation/latest/TemplateReference/aws-resource-logs-loggroup.md
index 543ecbd7c..2a53a403c 100644
--- a//AWSCloudFormation/latest/TemplateReference/aws-resource-logs-loggroup.md
+++ b//AWSCloudFormation/latest/TemplateReference/aws-resource-logs-loggroup.md
@@ -31,0 +32 @@ To declare this entity in your CloudFormation template, use the following syntax
+          "BearerTokenAuthenticationEnabled" : Boolean,
@@ -49,0 +51 @@ To declare this entity in your CloudFormation template, use the following syntax
+      BearerTokenAuthenticationEnabled: Boolean
@@ -65,0 +68,11 @@ To declare this entity in your CloudFormation template, use the following syntax
+`BearerTokenAuthenticationEnabled`
+    
+
+Indicates whether bearer token authentication is enabled for this log group. When enabled, bearer token authentication is allowed on operations until it is explicitly disabled.
+
+_Required_ : No
+
+ _Type_ : Boolean
+
+ _Update requires_ : [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)
+