AWS AWSCloudFormation high security documentation change
Summary
Added UseClientCertificateOCSPEndpoint for real-time certificate revocation checks
Security assessment
Enables OCSP validation to prevent use of revoked certificates, addressing potential MITM attacks.
Diff
diff --git a/AWSCloudFormation/latest/TemplateReference/aws-resource-cloudfront-truststore.md b/AWSCloudFormation/latest/TemplateReference/aws-resource-cloudfront-truststore.md index cd4c5d002..c5221e5ba 100644 --- a//AWSCloudFormation/latest/TemplateReference/aws-resource-cloudfront-truststore.md +++ b//AWSCloudFormation/latest/TemplateReference/aws-resource-cloudfront-truststore.md @@ -25 +25,2 @@ To declare this entity in your CloudFormation template, use the following syntax - "Tags" : [ [Tag](./aws-properties-cloudfront-truststore-tag.html), ... ] + "Tags" : [ [Tag](./aws-properties-cloudfront-truststore-tag.html), ... ], + "UseClientCertificateOCSPEndpoint" : Boolean @@ -39,0 +41 @@ To declare this entity in your CloudFormation template, use the following syntax + UseClientCertificateOCSPEndpoint: Boolean @@ -76,0 +79,11 @@ _Required_ : No +`UseClientCertificateOCSPEndpoint` + + +A boolean. When true, performs real-time certificate revocation checks by querying the OCSP endpoint specified within the client certificate. + +_Required_ : No + + _Type_ : Boolean + + _Update requires_ : [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) +