AWS Security ChangesHomeSearch

AWS IAM medium security documentation change

Service: IAM · 2025-03-02 · Security-related medium

File: IAM/latest/UserGuide/id_roles_common-scenarios_third-party.md

Summary

Added character length and format requirements for the ExternalId value in role policies

Security assessment

The change specifies security requirements for ExternalId values, which are used to enhance security in third-party role assumptions by adding constraints to prevent misuse or weak configurations.

Diff

diff --git a/IAM/latest/UserGuide/id_roles_common-scenarios_third-party.md
index ccc522d17..fac678661 100644
--- a/IAM/latest/UserGuide/id_roles_common-scenarios_third-party.md
+++ b/IAM/latest/UserGuide/id_roles_common-scenarios_third-party.md
@@ -96,0 +97,2 @@ In other words, when a role policy includes an external ID, anyone who wants to
+  * The `ExternalId` value must have a minimum of 2 characters and a maximum of 1,224 characters. The value must be alphanumeric without white space. It can also include the following symbols: plus (+), equal (=), comma (,), period (.), at (@), colon (:), forward slash (/), and hyphen (-).
+