AWS Security ChangesHomeSearch

AWS AWSCloudFormation high security documentation change

Service: AWSCloudFormation · 2026-07-10 · Security-related high

File: AWSCloudFormation/latest/TemplateReference/aws-properties-elasticache-user-authenticationmode.md

Summary

Added note restricting 'no-password-required' authentication for Valkey engine users

Security assessment

Explicitly prohibits insecure passwordless authentication for Valkey engine, enforcing password or IAM-based authentication to prevent unauthorized access.

Diff

diff --git a/AWSCloudFormation/latest/TemplateReference/aws-properties-elasticache-user-authenticationmode.md b/AWSCloudFormation/latest/TemplateReference/aws-properties-elasticache-user-authenticationmode.md
index 8f7200f70..6433f0f96 100644
--- a//AWSCloudFormation/latest/TemplateReference/aws-properties-elasticache-user-authenticationmode.md
+++ b//AWSCloudFormation/latest/TemplateReference/aws-properties-elasticache-user-authenticationmode.md
@@ -53,0 +54,4 @@ Specifies the authentication type. Possible options are IAM authentication, pass
+###### Note
+
+The `no-password-required` type is not supported for users with the Valkey engine. If you use the Valkey engine, specify `iam` or `password` authentication.
+