Oleg

Same problem. Our images have our corporate CA Root certs inserted to their CA Trust Stores (for RHEL it is copy the certs to /etc/pki/ca-trust/source/anchors/ and run update-ca-trust). Not sure...

We are seeing this on AWS::IAM::ManagedPolicy and AWS::Events::Rule resources in our accounts in us-east-1 region. All good in in us-east-2 (and possibly other accounts).