AWS marketplace documentation change
Summary
Updated registration token expiration time from approximately 1 hour to 4 hours
Security assessment
Change adjusts token expiration duration but does not address a specific security vulnerability or weakness. No evidence of security incident remediation.
Diff
diff --git a/marketplace/latest/userguide/saas-product-customer-setup.md index b632495d4..f852d6f2d 100644 --- a/marketplace/latest/userguide/saas-product-customer-setup.md +++ b/marketplace/latest/userguide/saas-product-customer-setup.md @@ -62 +62 @@ Do not activate a product subscription unless you receive a `subscribe-success` -As a seller, it’s your responsibility to trust only customer identifiers that are immediately returned from AWS or those that your system has signed. We recommend that you resolve the registration token immediately because it may expire after approximately 1 hour. After you resolve the registration token, store the customer identifier as a signed attribute on the customer’s browser session until the registration is complete. +As a seller, it’s your responsibility to trust only customer identifiers that are immediately returned from AWS or those that your system has signed. We recommend that you resolve the registration token immediately because it expires after four hours. After you resolve the registration token, store the customer identifier as a signed attribute on the customer’s browser session until the registration is complete.