AWS AWSCloudFormation documentation change
Summary
Added ClientCertificateAttribute property to RuleStringToEvaluate for evaluating client certificate attributes in string conditions
Security assessment
The change adds documentation for evaluating client certificate attributes (like CN, SAN fields, serial numbers) in rule conditions. This enables more granular security policies based on certificate attributes but doesn't fix a specific security issue.
Diff
diff --git a/AWSCloudFormation/latest/TemplateReference/aws-properties-ses-mailmanagerruleset-rulestringtoevaluate.md b/AWSCloudFormation/latest/TemplateReference/aws-properties-ses-mailmanagerruleset-rulestringtoevaluate.md index a1793c8ca..f50011cad 100644 --- a//AWSCloudFormation/latest/TemplateReference/aws-properties-ses-mailmanagerruleset-rulestringtoevaluate.md +++ b//AWSCloudFormation/latest/TemplateReference/aws-properties-ses-mailmanagerruleset-rulestringtoevaluate.md @@ -24,0 +25 @@ To declare this entity in your CloudFormation template, use the following syntax + "ClientCertificateAttribute" : String, @@ -34,0 +36 @@ To declare this entity in your CloudFormation template, use the following syntax + ClientCertificateAttribute: String @@ -63,0 +66,13 @@ _Required_ : No +`ClientCertificateAttribute` + + +The client certificate attribute to evaluate in a string condition expression. + +_Required_ : No + + _Type_ : String + + _Allowed values_ : `CN | SAN_RFC822_NAME | SAN_DNS_NAME | SAN_DIRECTORY_NAME | SAN_UNIFORM_RESOURCE_IDENTIFIER | SAN_IP_ADDRESS | SAN_REGISTERED_ID | SERIAL_NUMBER` + + _Update requires_ : [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) +