AWS AWSCloudFormation medium security documentation change
Summary
Added note about security implications of increasing job timeout during infrastructure updates
Security assessment
Explicitly discusses security tradeoffs: delaying security patches (like kernel updates) when extending job timeouts during infrastructure updates. Highlights concrete security impact of configuration choices.
Diff
diff --git a/AWSCloudFormation/latest/TemplateReference/aws-properties-batch-computeenvironment-updatepolicy.md b/AWSCloudFormation/latest/TemplateReference/aws-properties-batch-computeenvironment-updatepolicy.md index f6c8541d1..cc14bc644 100644 --- a//AWSCloudFormation/latest/TemplateReference/aws-properties-batch-computeenvironment-updatepolicy.md +++ b//AWSCloudFormation/latest/TemplateReference/aws-properties-batch-computeenvironment-updatepolicy.md @@ -38 +38,5 @@ To declare this entity in your CloudFormation template, use the following syntax -Specifies the job timeout (in minutes) when the compute environment infrastructure is updated. The default value is 30. +Specifies the job timeout (in minutes) when the compute environment infrastructure is updated. The default value is 30. The maximum value is 7200. + +###### Note + +Increasing `jobExecutionTimeoutMinutes` during infrastructure updates delays the replacement of instances with new instances that include updates such as security patches, but provides more time for jobs to execute. Consider the security implications of this tradeoff when setting timeout values.