AWS Security ChangesHomeSearch

AWS elasticloadbalancing documentation change

Service: elasticloadbalancing · 2025-06-13 · Documentation medium

File: elasticloadbalancing/latest/application/listener-authenticate-users.md

Summary

Added note requiring consistent HTTPS port 443 usage with OIDC and CloudFront to prevent authentication failures.

Security assessment

Addresses potential misconfiguration that could lead to authentication issues, but documents best practices rather than fixing a security vulnerability.

Diff

diff --git a/elasticloadbalancing/latest/application/listener-authenticate-users.md b/elasticloadbalancing/latest/application/listener-authenticate-users.md
index 9b895b3c2..f2b6fed3f 100644
--- a//elasticloadbalancing/latest/application/listener-authenticate-users.md
+++ b//elasticloadbalancing/latest/application/listener-authenticate-users.md
@@ -150,0 +151,2 @@ Enable the following settings if you are using a CloudFront distribution in fron
+  * When configuring OpenID Connect (OIDC) authentication in conjunction with Amazon CloudFront, ensure that HTTPS port 443 is consistently used throughout the entire connection path. Otherwise, authentication failures can occur because the client OIDC redirect URLs do not match the port number of the originally generated URI.
+