AWS Security ChangesHomeSearch

AWS AmazonCloudFront documentation change

Service: AmazonCloudFront · 2026-03-28 · Documentation low

File: AmazonCloudFront/latest/DeveloperGuide/trust-stores-certificate-management.md

Summary

Updated the AWS CLI command example for creating a trust store to use a new JSON structure for specifying the CA certificates bundle source, which now includes a 'Region' parameter.

Security assessment

This change updates a command syntax example, likely reflecting an API update. While certificate management is a security-related feature, the change itself is a syntax correction/update with no evidence of addressing a specific security vulnerability or weakness. The addition of a 'Region' parameter improves command specificity but does not indicate a security fix.

Diff

diff --git a/AmazonCloudFront/latest/DeveloperGuide/trust-stores-certificate-management.md b/AmazonCloudFront/latest/DeveloperGuide/trust-stores-certificate-management.md
index f941901e1..829d3b965 100644
--- a//AmazonCloudFront/latest/DeveloperGuide/trust-stores-certificate-management.md
+++ b//AmazonCloudFront/latest/DeveloperGuide/trust-stores-certificate-management.md
@@ -129 +129 @@ The CA certificate bundle is only read once from S3 when creating a trust store.
-      --certificate-authority-bundle-s3-location Bucket=my-bucket,Key=ca-bundle.pem \
+      --ca-certificates-bundle-source '{"CaCertificatesBundleS3Location":{"Bucket":"my-bucket","Key":"ca-bundle.pem","Region":"bucket-region"}}' \