AWS Security ChangesHomeSearch

AWS cli documentation change

Service: cli · 2026-04-01 · Documentation low

File: cli/latest/reference/mailmanager/get-ingress-point.md

Summary

Added support for mutual TLS (mTLS) authentication configuration including trust store management with CA certificates, CRLs, and KMS encryption, plus TLS policy options and new status/type values for AWS MailManager ingress points.

Security assessment

This change adds comprehensive documentation for new security features including mutual TLS authentication, trust store configuration with certificate authority bundles and revocation lists, KMS encryption for trust store contents, and TLS policy enforcement. While these are security enhancements, there's no evidence in the diff that this addresses a specific security vulnerability or incident - it appears to be adding new security capabilities rather than fixing existing issues.

Diff

diff --git a/cli/latest/reference/mailmanager/get-ingress-point.md b/cli/latest/reference/mailmanager/get-ingress-point.md
index acf595cce..f4ea186f3 100644
--- a//cli/latest/reference/mailmanager/get-ingress-point.md
+++ b//cli/latest/reference/mailmanager/get-ingress-point.md
@@ -15 +15 @@
-  * [AWS CLI 2.34.20 Command Reference](../../index.html) »
+  * [AWS CLI 2.34.21 Command Reference](../../index.html) »
@@ -67,0 +68 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/mailma
+    [--include-trust-store-contents <value>]
@@ -103,0 +105,11 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/mailma
+`--include-trust-store-contents` (string)
+
+> Whether to include the trust store contents in the response. Use INCLUDE to retrieve trust store certificate and CRL contents.
+> 
+> Possible values:
+> 
+>   * `EXCLUDE`
+>   * `INCLUDE`
+> 
+
+
@@ -255,0 +268 @@ Status -> (string)
+>   * `ASSOCIATED_VPC_ENDPOINT_DOES_NOT_EXIST`
@@ -266,0 +280 @@ Type -> (string)
+>   * `MTLS`
@@ -324,0 +339,42 @@ IngressPointAuthConfiguration -> (structure)
+> 
+> TlsAuthConfiguration -> (structure)
+>
+>> The mutual TLS authentication configuration for the ingress endpoint resource.
+>> 
+>> TrustStore -> (structure)
+>>
+>>> The trust store configuration for mutual TLS authentication.
+>>> 
+>>> CAContent -> (string) [required]
+>>>
+>>>> The PEM-encoded certificate authority (CA) certificates bundle for the trust store.
+>>>> 
+>>>> Constraints:
+>>>> 
+>>>>   * min: `1`
+>>>>   * max: `500000`
+>>>>   * pattern: `[\P{C}\s]*`
+>>>> 
+
+>>> 
+>>> CrlContent -> (string)
+>>>
+>>>> The PEM-encoded certificate revocation lists (CRLs) for the trust store. There can be one CRL per certificate authority (CA) in the trust store.
+>>>> 
+>>>> Constraints:
+>>>> 
+>>>>   * min: `1`
+>>>>   * max: `500000`
+>>>>   * pattern: `[\P{C}\s]*`
+>>>> 
+
+>>> 
+>>> KmsKeyArn -> (string)
+>>>
+>>>> The Amazon Resource Name (ARN) of the KMS key used to encrypt the trust store contents.
+>>>> 
+>>>> Constraints:
+>>>> 
+>>>>   * pattern: `arn:aws(|-cn|-us-gov|-eusc):kms:[a-z0-9-]{1,20}:[0-9]{12}:(key|alias)/.+`
+>>>> 
+
@@ -362,0 +419,12 @@ NetworkConfiguration -> (tagged union structure)
+TlsPolicy -> (string)
+
+> The selected Transport Layer Security (TLS) policy of the ingress point.
+> 
+> Possible values:
+> 
+>   * `REQUIRED`
+>   * `OPTIONAL`
+>   * `FIPS`
+> 
+
+
@@ -381 +449 @@ LastUpdatedTimestamp -> (timestamp)
-  * [AWS CLI 2.34.20 Command Reference](../../index.html) »
+  * [AWS CLI 2.34.21 Command Reference](../../index.html) »