AWS ram documentation change
Summary
Updated sharing permissions for Private Certificate Authorities (CAs) to allow sharing with OUs or organization (changed from 'No' to 'Yes')
Security assessment
This change expands the sharing capabilities of Private CAs to include Organizational Units (OUs) or entire organizations, which is a feature enhancement rather than addressing a security vulnerability. The documentation update clarifies security-related sharing permissions for certificate authorities.
Diff
diff --git a/ram/latest/userguide/shareable.md b/ram/latest/userguide/shareable.md index cf8288cbf..1b25f15a9 100644 --- a//ram/latest/userguide/shareable.md +++ b//ram/latest/userguide/shareable.md @@ -286 +286 @@ Resource type and code | Use case | Can share with IAM users and roles | Can sha -Private certificate authority (CAs) `acm-pca:CertificateAuthority` | Create and manage private certificate authorities (CAs) for your organization’s internal public key infrastructure (PKI), and share those CAs with other AWS accounts or your organization. This lets AWS Certificate Manager users in other accounts issue X.509 certificates signed by your shared CA. For more information, see [Controlling access to a private CA](https://docs.aws.amazon.com/acm-pca/latest/userguide/granting-ca-access.html) in the _AWS Private Certificate Authority User Guide_. | Yes | Yes Can share with **any** AWS account. | No | Yes +Private certificate authority (CAs) `acm-pca:CertificateAuthority` | Create and manage private certificate authorities (CAs) for your organization’s internal public key infrastructure (PKI), and share those CAs with other AWS accounts or your organization. This lets AWS Certificate Manager users in other accounts issue X.509 certificates signed by your shared CA. For more information, see [Controlling access to a private CA](https://docs.aws.amazon.com/acm-pca/latest/userguide/granting-ca-access.html) in the _AWS Private Certificate Authority User Guide_. | Yes | Yes Can share with **any** AWS account. | Yes | Yes