AWS IAM medium security documentation change
Summary
Added character length and format requirements for the ExternalId value in role policies
Security assessment
The change specifies security requirements for ExternalId values, which are used to enhance security in third-party role assumptions by adding constraints to prevent misuse or weak configurations.
Diff
diff --git a/IAM/latest/UserGuide/id_roles_common-scenarios_third-party.md index ccc522d17..fac678661 100644 --- a/IAM/latest/UserGuide/id_roles_common-scenarios_third-party.md +++ b/IAM/latest/UserGuide/id_roles_common-scenarios_third-party.md @@ -96,0 +97,2 @@ In other words, when a role policy includes an external ID, anyone who wants to + * The `ExternalId` value must have a minimum of 2 characters and a maximum of 1,224 characters. The value must be alphanumeric without white space. It can also include the following symbols: plus (+), equal (=), comma (,), period (.), at (@), colon (:), forward slash (/), and hyphen (-). +