AWS Security ChangesHomeSearch

AWS AWSCloudFormation high security documentation change

Service: AWSCloudFormation · 2026-05-07 · Security-related high

File: AWSCloudFormation/latest/TemplateReference/aws-resource-cloudfront-truststore.md

Summary

Added UseClientCertificateOCSPEndpoint for real-time certificate revocation checks

Security assessment

Enables OCSP validation to prevent use of revoked certificates, addressing potential MITM attacks.

Diff

diff --git a/AWSCloudFormation/latest/TemplateReference/aws-resource-cloudfront-truststore.md b/AWSCloudFormation/latest/TemplateReference/aws-resource-cloudfront-truststore.md
index cd4c5d002..c5221e5ba 100644
--- a//AWSCloudFormation/latest/TemplateReference/aws-resource-cloudfront-truststore.md
+++ b//AWSCloudFormation/latest/TemplateReference/aws-resource-cloudfront-truststore.md
@@ -25 +25,2 @@ To declare this entity in your CloudFormation template, use the following syntax
-          "Tags" : [ [Tag](./aws-properties-cloudfront-truststore-tag.html), ... ]
+          "Tags" : [ [Tag](./aws-properties-cloudfront-truststore-tag.html), ... ],
+          "UseClientCertificateOCSPEndpoint" : Boolean
@@ -39,0 +41 @@ To declare this entity in your CloudFormation template, use the following syntax
+      UseClientCertificateOCSPEndpoint: Boolean
@@ -76,0 +79,11 @@ _Required_ : No
+`UseClientCertificateOCSPEndpoint`
+    
+
+A boolean. When true, performs real-time certificate revocation checks by querying the OCSP endpoint specified within the client certificate.
+
+_Required_ : No
+
+ _Type_ : Boolean
+
+ _Update requires_ : [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)
+