AWS Security ChangesHomeSearch

AWS config documentation change

Service: config · 2026-05-01 · Documentation medium

File: config/latest/developerguide/cloudfront-distribution-key-group-enabled.md

Summary

Updated rule description to clarify non-compliance when no authentication is configured

Security assessment

This change improves documentation for a security rule by clarifying that distributions without authentication are non-compliant. It documents a security control but doesn't indicate a specific security issue.

Diff

diff --git a/config/latest/developerguide/cloudfront-distribution-key-group-enabled.md b/config/latest/developerguide/cloudfront-distribution-key-group-enabled.md
index d398f6cd6..833cedfec 100644
--- a//config/latest/developerguide/cloudfront-distribution-key-group-enabled.md
+++ b//config/latest/developerguide/cloudfront-distribution-key-group-enabled.md
@@ -11 +11 @@ AWS CloudFormation template
-Checks if Amazon CloudFront distributions are configured to use only trusted key groups for signed URL or signed cookie authentication for all cache behaviors. The rule is NON_COMPLIANT if any cache behavior in the distribution is using trusted signers. 
+Checks whether Amazon CloudFront distributions use only trusted key groups for signed URL or signed cookie authentication for all cache behaviors. The rule is NON_COMPLIANT if cache behaviors use trusted signers or no authentication is configured.