AWS AWSCloudFormation documentation change
Summary
Added clarification about service-linked role requirements for UNMANAGED environments and expanded state property description.
Security assessment
Documents IAM role requirements which is security best practice, but doesn't address a specific vulnerability. Highlights security configuration needs for compute environments.
Diff
diff --git a/AWSCloudFormation/latest/TemplateReference/aws-resource-batch-computeenvironment.md b/AWSCloudFormation/latest/TemplateReference/aws-resource-batch-computeenvironment.md index 059190996..8793bbc1b 100644 --- a//AWSCloudFormation/latest/TemplateReference/aws-resource-batch-computeenvironment.md +++ b//AWSCloudFormation/latest/TemplateReference/aws-resource-batch-computeenvironment.md @@ -187,0 +188,2 @@ If your account already created the AWS Batch service-linked role, that role is +This automatic service-linked role creation only applies to `MANAGED` compute environments. For `UNMANAGED` compute environments, you must explicitly specify a `serviceRole`. + @@ -203 +205,3 @@ _Required_ : No -The state of the compute environment. If the state is `ENABLED`, then the compute environment accepts jobs from a queue and can scale out automatically based on queues. +The state of the compute environment. A compute environment must be created in the `ENABLED` state. + +If the state is `ENABLED`, then the compute environment accepts jobs from a queue and can scale out automatically based on queues.