AWS Security ChangesHomeSearch

AWS iot documentation change

Service: iot · 2026-05-04 · Documentation low

File: iot/latest/developerguide/iot-endpoints-tls-config.md

Summary

Updated TLS security policy documentation to reflect regional availability changes, added new FIPS policy for AWS GovCloud (US), and clarified default security policies for different regions

Security assessment

The changes add documentation for a new FIPS-compliant TLS security policy (IoTSecurityPolicy_TLS13_1_2_2022_01) specifically for AWS GovCloud regions. While this enhances security documentation by covering compliance requirements, there's no evidence of addressing a specific vulnerability or incident. The updates clarify regional policy availability but don't indicate a security fix.

Diff

diff --git a/iot/latest/developerguide/iot-endpoints-tls-config.md b/iot/latest/developerguide/iot-endpoints-tls-config.md
index b4c0aa999..8f45c71fb 100644
--- a//iot/latest/developerguide/iot-endpoints-tls-config.md
+++ b//iot/latest/developerguide/iot-endpoints-tls-config.md
@@ -17,2 +17,2 @@ Security policy name | Supported AWS Regions
-IoTSecurityPolicy_TLS13_1_3_2022_10 | All AWS Regions  
-IoTSecurityPolicy_TLS13_1_2_2022_10 | All AWS Regions  
+IoTSecurityPolicy_TLS13_1_3_2022_10 | All AWS Regions, excluding AWS GovCloud (US)  
+IoTSecurityPolicy_TLS13_1_2_2022_10 | All AWS Regions, excluding AWS GovCloud (US)  
@@ -21,0 +22 @@ IoTSecurityPolicy_TLS12_1_0_2015_01 | ap-northeast-1, ap-southeast-1, eu-central
+IoTSecurityPolicy_TLS13_1_2_2022_01 | AWS GovCloud (US) only (FIPS policy)  
@@ -23 +24 @@ IoTSecurityPolicy_TLS12_1_0_2015_01 | ap-northeast-1, ap-southeast-1, eu-central
-The names of the security policies in AWS IoT Core include version information based on the year and month that they were released. If you create a new domain configuration, the security policy will default to `IoTSecurityPolicy_TLS13_1_2_2022_10`. For a complete table of security policies with details of protocols, TCP ports, and ciphers, see [Security polices](./transport-security.html#tls-policy-table). AWS IoT Core doesn't support custom security policies. For more information, see [Transport security in AWS IoT Core](./transport-security.html).
+The names of the security policies in AWS IoT Core include version information based on the year and month that they were released. If you create a new domain configuration, the security policy will default to `IoTSecurityPolicy_TLS13_1_2_2022_10` for all regions excluding AWS GovCloud (US). For AWS GovCloud (US) regions, the security policy will default to `IoTSecurityPolicy_TLS13_1_2_2022_01`, which is the FIPS policy. For non-FIPS endpoints in AWS GovCloud (US) regions you can use the `IoTSecurityPolicy_TLS12_1_2_2022_10`. For a complete table of security policies with details of protocols, TCP ports, and ciphers, see [Security polices](./transport-security.html#tls-policy-table). AWS IoT Core doesn't support custom security policies. For more information, see [Transport security in AWS IoT Core](./transport-security.html).