AWS Security ChangesHomeSearch

AWS AWSCloudFormation documentation change

Service: AWSCloudFormation · 2026-05-22 · Documentation low

File: AWSCloudFormation/latest/TemplateReference/aws-resource-batch-computeenvironment.md

Summary

Added clarification about service-linked role requirements for UNMANAGED environments and expanded state property description.

Security assessment

Documents IAM role requirements which is security best practice, but doesn't address a specific vulnerability. Highlights security configuration needs for compute environments.

Diff

diff --git a/AWSCloudFormation/latest/TemplateReference/aws-resource-batch-computeenvironment.md b/AWSCloudFormation/latest/TemplateReference/aws-resource-batch-computeenvironment.md
index 059190996..8793bbc1b 100644
--- a//AWSCloudFormation/latest/TemplateReference/aws-resource-batch-computeenvironment.md
+++ b//AWSCloudFormation/latest/TemplateReference/aws-resource-batch-computeenvironment.md
@@ -187,0 +188,2 @@ If your account already created the AWS Batch service-linked role, that role is
+This automatic service-linked role creation only applies to `MANAGED` compute environments. For `UNMANAGED` compute environments, you must explicitly specify a `serviceRole`.
+
@@ -203 +205,3 @@ _Required_ : No
-The state of the compute environment. If the state is `ENABLED`, then the compute environment accepts jobs from a queue and can scale out automatically based on queues.
+The state of the compute environment. A compute environment must be created in the `ENABLED` state.
+
+If the state is `ENABLED`, then the compute environment accepts jobs from a queue and can scale out automatically based on queues.