AWS cli documentation change
Summary
Added TLS policy configuration and mutual TLS authentication (mTLS) support for ingress points, including trust store configuration with CA certificates, CRLs, and KMS encryption
Security assessment
This change adds documentation for new security features including TLS policy enforcement (REQUIRED, OPTIONAL, FIPS), mutual TLS authentication, and secure trust store management with KMS encryption. While these are security enhancements, there's no evidence they address a specific security vulnerability or incident.
Diff
diff --git a/cli/latest/reference/mailmanager/create-ingress-point.md b/cli/latest/reference/mailmanager/create-ingress-point.md index 10d40eba6..a86fbecec 100644 --- a//cli/latest/reference/mailmanager/create-ingress-point.md +++ b//cli/latest/reference/mailmanager/create-ingress-point.md @@ -15 +15 @@ - * [AWS CLI 2.34.20 Command Reference](../../index.html) » + * [AWS CLI 2.34.21 Command Reference](../../index.html) » @@ -73,0 +74 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/mailma + [--tls-policy <value>] @@ -130,0 +132 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/mailma +> * `MTLS` @@ -162 +164 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/mailma -> This is a Tagged Union structure. Only one of the following top level keys can be set: `SmtpPassword`, `SecretArn`. +> This is a Tagged Union structure. Only one of the following top level keys can be set: `SmtpPassword`, `SecretArn`, `TlsAuthConfiguration`. @@ -184,0 +187,42 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/mailma +> +> TlsAuthConfiguration -> (structure) +> +>> The mutual TLS authentication configuration of the ingress endpoint resource. +>> +>> TrustStore -> (structure) +>> +>>> The trust store configuration for mutual TLS authentication. +>>> +>>> CAContent -> (string) [required] +>>> +>>>> The PEM-encoded certificate authority (CA) certificates bundle for the trust store. +>>>> +>>>> Constraints: +>>>> +>>>> * min: `1` +>>>> * max: `500000` +>>>> * pattern: `[\P{C}\s]*` +>>>> + +>>> +>>> CrlContent -> (string) +>>> +>>>> The PEM-encoded certificate revocation lists (CRLs) for the trust store. There can be one CRL per certificate authority (CA) in the trust store. +>>>> +>>>> Constraints: +>>>> +>>>> * min: `1` +>>>> * max: `500000` +>>>> * pattern: `[\P{C}\s]*` +>>>> + +>>> +>>> KmsKeyArn -> (string) +>>> +>>>> The Amazon Resource Name (ARN) of the KMS key used to encrypt the trust store contents. +>>>> +>>>> Constraints: +>>>> +>>>> * pattern: `arn:aws(|-cn|-us-gov|-eusc):kms:[a-z0-9-]{1,20}:[0-9]{12}:(key|alias)/.+` +>>>> + @@ -189 +233 @@ Shorthand Syntax: - SmtpPassword=string,SecretArn=string + SmtpPassword=string,SecretArn=string,TlsAuthConfiguration={TrustStore={CAContent=string,CrlContent=string,KmsKeyArn=string}} @@ -197 +241,8 @@ JSON Syntax: - "SecretArn": "string" + "SecretArn": "string", + "TlsAuthConfiguration": { + "TrustStore": { + "CAContent": "string", + "CrlContent": "string", + "KmsKeyArn": "string" + } + } @@ -256,0 +308,12 @@ JSON Syntax: +`--tls-policy` (string) + +> The Transport Layer Security (TLS) policy for the ingress point. The FIPS value is only valid in US and Canada regions. +> +> Possible values: +> +> * `REQUIRED` +> * `OPTIONAL` +> * `FIPS` +> + + @@ -448 +511 @@ IngressPointId -> (string) - * [AWS CLI 2.34.20 Command Reference](../../index.html) » + * [AWS CLI 2.34.21 Command Reference](../../index.html) »