AWS Security ChangesHomeSearch

AWS cli medium security documentation change

Service: cli · 2026-06-16 · Security-related medium

File: cli/latest/reference/acm/describe-certificate.md

Summary

Updated certificate transparency documentation to reflect mandatory logging

Security assessment

Removes opt-out capability for certificate transparency logging, enforcing security best practice. Prevents malicious certificate issuance by mandating public logging.

Diff

diff --git a/cli/latest/reference/acm/describe-certificate.md b/cli/latest/reference/acm/describe-certificate.md
index 1490a0fb0..f7e7e6a32 100644
--- a//cli/latest/reference/acm/describe-certificate.md
+++ b//cli/latest/reference/acm/describe-certificate.md
@@ -15 +15 @@
-  * [AWS CLI 2.35.3 Command Reference](../../index.html) »
+  * [AWS CLI 2.35.5 Command Reference](../../index.html) »
@@ -867 +867 @@ Certificate -> (structure)
->> Value that specifies whether to add the certificate to a transparency log. Certificate transparency makes it possible to detect SSL certificates that have been mistakenly or maliciously issued. A browser might respond to certificate that has not been logged by showing an error message. The logs are cryptographically secure.
+>> Contains the certificate options. Certificate transparency logging opt-out is no longer available. All public certificates are recorded in a certificate transparency log.
@@ -871 +871 @@ Certificate -> (structure)
->>> You can opt out of certificate transparency logging by specifying the `DISABLED` option. Opt in by specifying `ENABLED` .
+>>> This parameter has been deprecated. Certificate transparency logging opt-out is no longer available. All public certificates are recorded in a certificate transparency log.
@@ -901 +901 @@ Certificate -> (structure)
-  * [AWS CLI 2.35.3 Command Reference](../../index.html) »
+  * [AWS CLI 2.35.5 Command Reference](../../index.html) »