AWS IAM medium security documentation change
Summary
Added entry for OIDC provider security controls requiring explicit JWT claim evaluation
Security assessment
Documents a new security control to prevent unauthorized role assumptions via shared OIDC providers. Explicitly addresses authorization vulnerabilities in identity federation.
Diff
diff --git a/IAM/latest/UserGuide/document-history.md b/IAM/latest/UserGuide/document-history.md index 57f389cdf..2d2de17ea 100644 --- a//IAM/latest/UserGuide/document-history.md +++ b//IAM/latest/UserGuide/document-history.md @@ -10,0 +11 @@ Change| Description| Date +[Identity provider controls for shared OIDC providers](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc_secure-by-default.html)| IAM now requires explicit evaluation of specific claims in JSON Web Tokens (JWTs) for recognized shared OIDC identity providers. This security control ensures that only authorized identities from the intended organization can assume roles and access AWS resources.| June 6, 2025