AWS AWSCloudFormation documentation change
Summary
Added documentation for the new 'BearerTokenAuthenticationEnabled' property for CloudWatch Logs log groups, which controls whether bearer token authentication is allowed for operations on the log group.
Security assessment
This change documents a new security feature (bearer token authentication) for CloudWatch Logs log groups. It adds a property that allows enabling/disabling this authentication method. There is no evidence in the diff that this change addresses a specific security vulnerability or incident; it appears to be documenting a new security capability.
Diff
diff --git a/AWSCloudFormation/latest/TemplateReference/aws-resource-logs-loggroup.md b/AWSCloudFormation/latest/TemplateReference/aws-resource-logs-loggroup.md index 543ecbd7c..2a53a403c 100644 --- a//AWSCloudFormation/latest/TemplateReference/aws-resource-logs-loggroup.md +++ b//AWSCloudFormation/latest/TemplateReference/aws-resource-logs-loggroup.md @@ -31,0 +32 @@ To declare this entity in your CloudFormation template, use the following syntax + "BearerTokenAuthenticationEnabled" : Boolean, @@ -49,0 +51 @@ To declare this entity in your CloudFormation template, use the following syntax + BearerTokenAuthenticationEnabled: Boolean @@ -65,0 +68,11 @@ To declare this entity in your CloudFormation template, use the following syntax +`BearerTokenAuthenticationEnabled` + + +Indicates whether bearer token authentication is enabled for this log group. When enabled, bearer token authentication is allowed on operations until it is explicitly disabled. + +_Required_ : No + + _Type_ : Boolean + + _Update requires_ : [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) +