AWS iot documentation change
Summary
Updated TLS security policy documentation to reflect regional availability changes, added new FIPS policy for AWS GovCloud (US), and clarified default security policies for different regions
Security assessment
The changes add documentation for a new FIPS-compliant TLS security policy (IoTSecurityPolicy_TLS13_1_2_2022_01) specifically for AWS GovCloud regions. While this enhances security documentation by covering compliance requirements, there's no evidence of addressing a specific vulnerability or incident. The updates clarify regional policy availability but don't indicate a security fix.
Diff
diff --git a/iot/latest/developerguide/iot-endpoints-tls-config.md b/iot/latest/developerguide/iot-endpoints-tls-config.md index b4c0aa999..8f45c71fb 100644 --- a//iot/latest/developerguide/iot-endpoints-tls-config.md +++ b//iot/latest/developerguide/iot-endpoints-tls-config.md @@ -17,2 +17,2 @@ Security policy name | Supported AWS Regions -IoTSecurityPolicy_TLS13_1_3_2022_10 | All AWS Regions -IoTSecurityPolicy_TLS13_1_2_2022_10 | All AWS Regions +IoTSecurityPolicy_TLS13_1_3_2022_10 | All AWS Regions, excluding AWS GovCloud (US) +IoTSecurityPolicy_TLS13_1_2_2022_10 | All AWS Regions, excluding AWS GovCloud (US) @@ -21,0 +22 @@ IoTSecurityPolicy_TLS12_1_0_2015_01 | ap-northeast-1, ap-southeast-1, eu-central +IoTSecurityPolicy_TLS13_1_2_2022_01 | AWS GovCloud (US) only (FIPS policy) @@ -23 +24 @@ IoTSecurityPolicy_TLS12_1_0_2015_01 | ap-northeast-1, ap-southeast-1, eu-central -The names of the security policies in AWS IoT Core include version information based on the year and month that they were released. If you create a new domain configuration, the security policy will default to `IoTSecurityPolicy_TLS13_1_2_2022_10`. For a complete table of security policies with details of protocols, TCP ports, and ciphers, see [Security polices](./transport-security.html#tls-policy-table). AWS IoT Core doesn't support custom security policies. For more information, see [Transport security in AWS IoT Core](./transport-security.html). +The names of the security policies in AWS IoT Core include version information based on the year and month that they were released. If you create a new domain configuration, the security policy will default to `IoTSecurityPolicy_TLS13_1_2_2022_10` for all regions excluding AWS GovCloud (US). For AWS GovCloud (US) regions, the security policy will default to `IoTSecurityPolicy_TLS13_1_2_2022_01`, which is the FIPS policy. For non-FIPS endpoints in AWS GovCloud (US) regions you can use the `IoTSecurityPolicy_TLS12_1_2_2022_10`. For a complete table of security policies with details of protocols, TCP ports, and ciphers, see [Security polices](./transport-security.html#tls-policy-table). AWS IoT Core doesn't support custom security policies. For more information, see [Transport security in AWS IoT Core](./transport-security.html).