AWS Security ChangesHomeSearch

AWS AmazonCloudFront medium security documentation change

Service: AmazonCloudFront · 2026-05-16 · Security-related medium

File: AmazonCloudFront/latest/DeveloperGuide/connection-logs.md

Summary

Added two new OCSP-related failure fields to connection logs and changed a section title.

Security assessment

Adding Failed:ClientCertOcspProcessingError and Failed:ClientCertOcspDenied fields directly relates to certificate revocation checks, a critical security control. This indicates enhanced monitoring for revoked certificates which prevents MITM attacks.

Diff

diff --git a/AmazonCloudFront/latest/DeveloperGuide/connection-logs.md b/AmazonCloudFront/latest/DeveloperGuide/connection-logs.md
index f02927ddf..9e98145f8 100644
--- a//AmazonCloudFront/latest/DeveloperGuide/connection-logs.md
+++ b//AmazonCloudFront/latest/DeveloperGuide/connection-logs.md
@@ -152,0 +153,2 @@ Field | Description | Example
+    Failed:ClientCertOcspProcessingError
+    Failed:ClientCertOcspDenied
@@ -186 +188 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please
-Revocation using CloudFront Connection Function and KVS
+Additional validation modes