AWS cli documentation change
Summary
Added TLS policy parameter and TLS authentication configuration options including mutual TLS authentication with trust store configuration (CA certificates, CRLs, and KMS key encryption)
Security assessment
This change adds documentation for new security features including TLS policy enforcement (REQUIRED, OPTIONAL, FIPS) and mutual TLS authentication configuration with trust store management. It enhances security documentation but doesn't indicate fixing a specific vulnerability. The addition of FIPS compliance option and KMS encryption for trust store contents are security enhancements.
Diff
diff --git a/cli/latest/reference/mailmanager/update-ingress-point.md b/cli/latest/reference/mailmanager/update-ingress-point.md index 8c9a23aec..d9077a071 100644 --- a//cli/latest/reference/mailmanager/update-ingress-point.md +++ b//cli/latest/reference/mailmanager/update-ingress-point.md @@ -15 +15 @@ - * [AWS CLI 2.34.20 Command Reference](../../index.html) » + * [AWS CLI 2.34.21 Command Reference](../../index.html) » @@ -72,0 +73 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/mailma + [--tls-policy <value>] @@ -160 +161 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/mailma -> This is a Tagged Union structure. Only one of the following top level keys can be set: `SmtpPassword`, `SecretArn`. +> This is a Tagged Union structure. Only one of the following top level keys can be set: `SmtpPassword`, `SecretArn`, `TlsAuthConfiguration`. @@ -182,0 +184,42 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/mailma +> +> TlsAuthConfiguration -> (structure) +> +>> The mutual TLS authentication configuration of the ingress endpoint resource. +>> +>> TrustStore -> (structure) +>> +>>> The trust store configuration for mutual TLS authentication. +>>> +>>> CAContent -> (string) [required] +>>> +>>>> The PEM-encoded certificate authority (CA) certificates bundle for the trust store. +>>>> +>>>> Constraints: +>>>> +>>>> * min: `1` +>>>> * max: `500000` +>>>> * pattern: `[\P{C}\s]*` +>>>> + +>>> +>>> CrlContent -> (string) +>>> +>>>> The PEM-encoded certificate revocation lists (CRLs) for the trust store. There can be one CRL per certificate authority (CA) in the trust store. +>>>> +>>>> Constraints: +>>>> +>>>> * min: `1` +>>>> * max: `500000` +>>>> * pattern: `[\P{C}\s]*` +>>>> + +>>> +>>> KmsKeyArn -> (string) +>>> +>>>> The Amazon Resource Name (ARN) of the KMS key used to encrypt the trust store contents. +>>>> +>>>> Constraints: +>>>> +>>>> * pattern: `arn:aws(|-cn|-us-gov|-eusc):kms:[a-z0-9-]{1,20}:[0-9]{12}:(key|alias)/.+` +>>>> + @@ -187 +230 @@ Shorthand Syntax: - SmtpPassword=string,SecretArn=string + SmtpPassword=string,SecretArn=string,TlsAuthConfiguration={TrustStore={CAContent=string,CrlContent=string,KmsKeyArn=string}} @@ -195 +238,8 @@ JSON Syntax: - "SecretArn": "string" + "SecretArn": "string", + "TlsAuthConfiguration": { + "TrustStore": { + "CAContent": "string", + "CrlContent": "string", + "KmsKeyArn": "string" + } + } @@ -198,0 +249,12 @@ JSON Syntax: +`--tls-policy` (string) + +> The Transport Layer Security (TLS) policy for the ingress point. Valid values are REQUIRED, OPTIONAL. Only ingress endpoints using REQUIRED or OPTIONAL as TlsPolicy can be updated. +> +> Possible values: +> +> * `REQUIRED` +> * `OPTIONAL` +> * `FIPS` +> + + @@ -324 +386 @@ None - * [AWS CLI 2.34.20 Command Reference](../../index.html) » + * [AWS CLI 2.34.21 Command Reference](../../index.html) »