AWS AWSCloudFormation documentation change
Summary
Added SessionName property for IAM role sessions and expanded user Type to include IAM_ROLE_SESSION
Security assessment
The SessionName property (with 2-64 character limits) documents secure session handling for IAM roles. Adding IAM_ROLE_SESSION type enhances RBAC documentation but doesn't address any specific security flaw.
Diff
diff --git a/AWSCloudFormation/latest/TemplateReference/aws-resource-datazone-userprofile.md b/AWSCloudFormation/latest/TemplateReference/aws-resource-datazone-userprofile.md index 468646508..2215907a7 100644 --- a//AWSCloudFormation/latest/TemplateReference/aws-resource-datazone-userprofile.md +++ b//AWSCloudFormation/latest/TemplateReference/aws-resource-datazone-userprofile.md @@ -23,0 +24 @@ To declare this entity in your CloudFormation template, use the following syntax + "SessionName" : String, @@ -36,0 +38 @@ To declare this entity in your CloudFormation template, use the following syntax + SessionName: String @@ -56,0 +59,15 @@ _Update requires_ : [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/ +`SessionName` + + +The session name for IAM role sessions. + +_Required_ : No + + _Type_ : String + + _Minimum_ : `2` + + _Maximum_ : `64` + + _Update requires_ : [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) + @@ -92 +109 @@ _Required_ : No - _Allowed values_ : `IAM_USER | IAM_ROLE | SSO_USER` + _Allowed values_ : `IAM_USER | IAM_ROLE | SSO_USER | IAM_ROLE_SESSION`