AWS Security ChangesHomeSearch

AWS cli documentation change

Service: cli · 2026-04-07 · Documentation low

File: cli/latest/reference/payment-cryptography/get-public-key-certificate.md

Summary

Updated certificate validity description to clarify that certificates are valid for 90 days and the service returns cached certificates with at least 30 days of remaining validity

Security assessment

This change clarifies certificate caching behavior and validity periods, which are important for understanding certificate lifecycle management. However, it appears to be documentation clarification rather than addressing a security issue.

Diff

diff --git a/cli/latest/reference/payment-cryptography/get-public-key-certificate.md b/cli/latest/reference/payment-cryptography/get-public-key-certificate.md
index e05759f5f..0df3883f0 100644
--- a//cli/latest/reference/payment-cryptography/get-public-key-certificate.md
+++ b//cli/latest/reference/payment-cryptography/get-public-key-certificate.md
@@ -15 +15 @@
-  * [AWS CLI 2.34.23 Command Reference](../../index.html) »
+  * [AWS CLI 2.34.25 Command Reference](../../index.html) »
@@ -281 +281 @@ KeyCertificate -> (string)
-> The public key component of the asymmetric key pair in a certificate PEM format (base64 encoded). It is signed by the root certificate authority (CA). The certificate expires in 90 days.
+> The public key component of the asymmetric key pair in a certificate PEM format (base64 encoded). It is signed by the root certificate authority (CA). The certificate is valid for 90 days from the time it is issued. The service returns a cached certificate if one exists with at least 30 days of remaining validity. Otherwise, a new 90-day certificate is issued.
@@ -313 +313 @@ KeyCertificateChain -> (string)
-  * [AWS CLI 2.34.23 Command Reference](../../index.html) »
+  * [AWS CLI 2.34.25 Command Reference](../../index.html) »