AWS devopsagent documentation change
Summary
Updated TLS certificate requirements to mandate full PEM-encoded certificate chain (leaf to root CA) for private CA-signed certificates.
Security assessment
The change enhances TLS validation documentation for secure connections to private tools. While security-related, there's no indication of a specific vulnerability being fixed - it improves certificate validation completeness to prevent connection failures.
Diff
diff --git a/devopsagent/latest/userguide/configuring-integrations-and-knowledge-connecting-to-privately-hosted-tools.md b/devopsagent/latest/userguide/configuring-integrations-and-knowledge-connecting-to-privately-hosted-tools.md index adebe573c..b109a0429 100644 --- a//devopsagent/latest/userguide/configuring-integrations-and-knowledge-connecting-to-privately-hosted-tools.md +++ b//devopsagent/latest/userguide/configuring-integrations-and-knowledge-connecting-to-privately-hosted-tools.md @@ -166 +166 @@ Private connections are account-level resources. After you create a private conn - 13. (Optional) For **Certificate public key** , if the host address you specified uses TLS certificates issued by a private certificate authority, enter the PEM-encoded public key of the certificate. This allows AWS DevOps Agent to trust the TLS connection to your target service. + 13. (Optional) Complete this step if a private certificate authority (CA) issued the TLS certificates for your host address. For **Certificate public key** , enter the **full PEM-encoded certificate chain** for the target service. List the certificates in order: the leaf (server) certificate first, then all intermediate CA certificates, then the root CA certificate. If the chain is incomplete, the connection fails. AWS DevOps Agent then verifies and trusts the TLS connection.