AWS Security ChangesHomeSearch

AWS workspaces documentation change

Service: workspaces · 2025-06-04 · Documentation low

File: workspaces/latest/adminguide/workspaces-port-requirements.md

Summary

Expanded list of smart card authentication endpoints and user login pages across multiple regions

Security assessment

The changes document additional security-related endpoints for smart card authentication and user logins, which are critical for configuring secure network access. While this improves clarity around security features, there is no evidence of addressing a specific security vulnerability.

Diff

diff --git a/workspaces/latest/adminguide/workspaces-port-requirements.md b/workspaces/latest/adminguide/workspaces-port-requirements.md
index 9f315b838..0f335df44 100644
--- a//workspaces/latest/adminguide/workspaces-port-requirements.md
+++ b//workspaces/latest/adminguide/workspaces-port-requirements.md
@@ -276,2 +276,6 @@ Pre-session Smart Card Authentication Endpoints |
-  * https://smartcard.us-east-1.signin.aws
-  * https://smartcard.us-west-2.signin.aws
+  * https://smartcard.af-south-1.signin.aws
+  * https://smartcard.af-south-1.apps.signin.aws
+  * https://smartcard.ap-south-1.signin.aws
+  * https://smartcard.ap-south-1.apps.signin.aws
+  * https://smartcard.ap-southeast-1.signin.aws
+  * https://smartcard.ap-southeast-1.apps.signin.aws
@@ -278,0 +283 @@ Pre-session Smart Card Authentication Endpoints |
+  * https://smartcard.ap-southeast-2.apps.signin.aws
@@ -279,0 +285,7 @@ Pre-session Smart Card Authentication Endpoints |
+  * https://smartcard.ap-northeast-1.apps.signin.aws
+  * https://smartcard.ap-northeast-2.signin.aws
+  * https://smartcard.ap-northeast-2.apps.signin.aws
+  * https://smartcard.ca-central-1.signin.aws
+  * https://smartcard.ca-central-1.apps.signin.aws
+  * https://smartcard.eu-central-1.signin.aws
+  * https://smartcard.eu-central-1.apps.signin.aws
@@ -280,0 +293,17 @@ Pre-session Smart Card Authentication Endpoints |
+  * https://smartcard.eu-west-1.apps.signin.aws
+  * https://smartcard.eu-west-2.signin.aws
+  * https://smartcard.eu-west-2.apps.signin.aws
+  * https://smartcard.eu-west-3.signin.aws
+  * https://smartcard.eu-west-3.apps.signin.aws
+  * https://smartcard.il-central-1.signin.aws
+  * https://smartcard.il-central-1.apps.signin.aws
+  * https://smartcard.sa-east-1.signin.aws
+  * https://smartcard.sa-east-1.apps.signin.aws
+  * https://smartcard.us-east-1.signin.aws
+  * https://smartcard.us-east-1.apps.signin.aws
+  * https://smartcard.us-west-2.signin.aws
+  * https://smartcard.us-west-2.apps.signin.aws
+  * https://smartcard.us-gov-east-1.signin-fips.amazonaws-us-gov.com
+  * https://smartcard.us-gov-east-1.apps.signin-fips.amazonaws-us-gov.com
+  * https://smartcard.us-gov-west-1.signin.amazonaws-us-gov.com
+  * https://smartcard.us-gov-west-1.apps.signin.amazonaws-us-gov.com
@@ -284 +313,78 @@ Pre-session Smart Card Authentication Endpoints |
-User Login Pages | https://<directory id>.awsapps.com/ (where <directory id> is the customer's domain) In the AWS GovCloud (US-West) and AWS GovCloud (US-East) Regions: https://login.us-gov-home.awsapps.com/directory/<directory id>/ (where <directory id> is the customer's domain)  
+User Login Pages | 
+
+  * https://af-south-1.signin.aws
+  * https://af-south-1.signin.aws.amazon.com
+  * https://af-south-1.sso.signin.aws
+  * https://af-south-1.apps.signin.aws
+  * https://ap-south-1.signin.aws
+  * https://ap-south-1.signin.aws.amazon.com
+  * https://ap-south-1.sso.signin.aws
+  * https://ap-south-1.apps.signin.aws
+  * https://ap-southeast-1.signin.aws
+  * https://ap-southeast-1.signin.aws.amazon.com
+  * https://ap-southeast-1.sso.signin.aws
+  * https://ap-southeast-1.apps.signin.aws
+  * https://ap-southeast-2.signin.aws
+  * https://ap-southeast-2.signin.aws.amazon.com
+  * https://ap-southeast-2.sso.signin.aws
+  * https://ap-southeast-2.apps.signin.aws
+  * https://ap-northeast-1.signin.aws
+  * https://ap-northeast-1.signin.aws.amazon.com
+  * https://ap-northeast-1.sso.signin.aws
+  * https://ap-northeast-1.apps.signin.aws
+  * https://ap-northeast-2.signin.aws
+  * https://ap-northeast-2.signin.aws.amazon.com
+  * https://ap-northeast-2.sso.signin.aws
+  * https://ap-northeast-2.apps.signin.aws
+  * https://ca-central-1.signin.aws
+  * https://ca-central-1.signin.aws.amazon.com
+  * https://ca-central-1.sso.signin.aws
+  * https://ca-central-1.apps.signin.aws
+  * https://eu-central-1.signin.aws
+  * https://eu-central-1.signin.aws.amazon.com
+  * https://eu-central-1.sso.signin.aws
+  * https://eu-central-1.apps.signin.aws
+  * https://eu-west-1.signin.aws
+  * https://eu-west-1.signin.aws.amazon.com
+  * https://eu-west-1.sso.signin.aws
+  * https://eu-west-1.apps.signin.aws
+  * https://eu-west-2.signin.aws
+  * https://eu-west-2.signin.aws.amazon.com
+  * https://eu-west-2.sso.signin.aws
+  * https://eu-west-2.apps.signin.aws
+  * https://eu-west-3.signin.aws
+  * https://eu-west-3.signin.aws.amazon.com
+  * https://eu-west-3.sso.signin.aws
+  * https://eu-west-3.apps.signin.aws
+  * https://il-central-1.signin.aws
+  * https://il-central-1.signin.aws.amazon.com
+  * https://il-central-1.sso.signin.aws
+  * https://il-central-1.apps.signin.aws
+  * https://sa-east-1.signin.aws
+  * https://sa-east-1.signin.aws.amazon.com
+  * https://sa-east-1.sso.signin.aws
+  * https://sa-east-1.apps.signin.aws
+  * https://us-east-1.signin.aws
+  * https://us-east-1.signin.aws.amazon.com
+  * https://us-east-1.sso.signin.aws
+  * https://us-east-1.apps.signin.aws
+  * https://us-west-2.signin.aws
+  * https://us-west-2.signin.aws.amazon.com
+  * https://us-west-2.sso.signin.aws
+  * https://us-west-2.apps.signin.aws
+  * https://us-gov-east-1.signin-fips.amazonaws-us-gov.com
+  * https://us-gov-east-1.sso.signin-fips.aws-us-gov.com
+  * https://us-gov-east-1.apps.signin-fips.aws-us-gov.com
+  * https://us-gov-west-1.signin.amazonaws-us-gov.com
+  * https://us-gov-west-1.sso.signin.aws-us-gov.com
+  * https://us-gov-west-1.apps.signin.aws-us-gov.com
+
+https://`directory_id`.awsapps.com/
+
+###### Note
+
+**directory id** is the customer's domain. In the AWS GovCloud (US-West) and AWS GovCloud (US-East) Regions: https://login.us-gov-home.awsapps.com/directory/`directory id`/ 
+
+###### Note
+
+**directory id** is the customer's domain.