AWS config documentation change
Summary
Updated rule description to clarify non-compliance when no authentication is configured
Security assessment
This change improves documentation for a security rule by clarifying that distributions without authentication are non-compliant. It documents a security control but doesn't indicate a specific security issue.
Diff
diff --git a/config/latest/developerguide/cloudfront-distribution-key-group-enabled.md b/config/latest/developerguide/cloudfront-distribution-key-group-enabled.md index d398f6cd6..833cedfec 100644 --- a//config/latest/developerguide/cloudfront-distribution-key-group-enabled.md +++ b//config/latest/developerguide/cloudfront-distribution-key-group-enabled.md @@ -11 +11 @@ AWS CloudFormation template -Checks if Amazon CloudFront distributions are configured to use only trusted key groups for signed URL or signed cookie authentication for all cache behaviors. The rule is NON_COMPLIANT if any cache behavior in the distribution is using trusted signers. +Checks whether Amazon CloudFront distributions use only trusted key groups for signed URL or signed cookie authentication for all cache behaviors. The rule is NON_COMPLIANT if cache behaviors use trusted signers or no authentication is configured.