AWS AmazonCloudFront medium security documentation change
Summary
Added two new OCSP-related failure fields to connection logs and changed a section title.
Security assessment
Adding Failed:ClientCertOcspProcessingError and Failed:ClientCertOcspDenied fields directly relates to certificate revocation checks, a critical security control. This indicates enhanced monitoring for revoked certificates which prevents MITM attacks.
Diff
diff --git a/AmazonCloudFront/latest/DeveloperGuide/connection-logs.md b/AmazonCloudFront/latest/DeveloperGuide/connection-logs.md index f02927ddf..9e98145f8 100644 --- a//AmazonCloudFront/latest/DeveloperGuide/connection-logs.md +++ b//AmazonCloudFront/latest/DeveloperGuide/connection-logs.md @@ -152,0 +153,2 @@ Field | Description | Example + Failed:ClientCertOcspProcessingError + Failed:ClientCertOcspDenied @@ -186 +188 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please -Revocation using CloudFront Connection Function and KVS +Additional validation modes