AWS cli documentation change
Summary
Added new authentication-detail parameter with IAM Identity Center authentication configuration options (AWS_IAM_IDC_TTI and AWS_IAM_IDC_AUTH_CODE types) including trusted token issuer ARN and external IDs
Security assessment
The change introduces documentation for authentication configuration using IAM Identity Center, which is a security feature. However, there is no evidence of addressing an existing vulnerability - this appears to be a new security capability addition rather than a fix.
Diff
diff --git a/cli/latest/reference/qbusiness/create-data-accessor.md b/cli/latest/reference/qbusiness/create-data-accessor.md index 95f33863a..16a9bf048 100644 --- a//cli/latest/reference/qbusiness/create-data-accessor.md +++ b//cli/latest/reference/qbusiness/create-data-accessor.md @@ -15 +15 @@ - * [AWS CLI 2.27.42 Command Reference](../../index.html) » + * [AWS CLI 2.27.45 Command Reference](../../index.html) » @@ -71,0 +72 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/qbusin + [--authentication-detail <value>] @@ -1502,0 +1504,55 @@ JSON Syntax: +`--authentication-detail` (structure) + +> The authentication configuration details for the data accessor. This specifies how the ISV will authenticate when accessing data through this data accessor. +> +> authenticationType -> (string) +> +>> The type of authentication to use for the data accessor. This determines how the ISV authenticates when accessing data. You can use one of two authentication types: +>> +>> * `AWS_IAM_IDC_TTI` \- Authentication using IAM Identity Center Trusted Token Issuer (TTI). This authentication type allows the ISV to use a trusted token issuer to generate tokens for accessing the data. +>> * `AWS_IAM_IDC_AUTH_CODE` \- Authentication using IAM Identity Center authorization code flow. This authentication type uses the standard OAuth 2.0 authorization code flow for authentication. +>> + +> +> authenticationConfiguration -> (tagged union structure) +> +>> The specific authentication configuration based on the authentication type. +>> +>> ### Note +>> +>> This is a Tagged Union structure. Only one of the following top level keys can be set: `idcTrustedTokenIssuerConfiguration`. +>> +>> idcTrustedTokenIssuerConfiguration -> (structure) +>> +>>> Configuration for IAM Identity Center Trusted Token Issuer (TTI) authentication used when the authentication type is `AWS_IAM_IDC_TTI` . +>>> +>>> idcTrustedTokenIssuerArn -> (string) +>>> +>>>> The Amazon Resource Name (ARN) of the IAM Identity Center Trusted Token Issuer that will be used for authentication. +> +> externalIds -> (list) +> +>> A list of external identifiers associated with this authentication configuration. These are used to correlate the data accessor with external systems. +>> +>> (string) + +Shorthand Syntax: + + + authenticationType=string,authenticationConfiguration={idcTrustedTokenIssuerConfiguration={idcTrustedTokenIssuerArn=string}},externalIds=string,string + + +JSON Syntax: + + + { + "authenticationType": "AWS_IAM_IDC_TTI"|"AWS_IAM_IDC_AUTH_CODE", + "authenticationConfiguration": { + "idcTrustedTokenIssuerConfiguration": { + "idcTrustedTokenIssuerArn": "string" + } + }, + "externalIds": ["string", ...] + } + + @@ -1658 +1714 @@ dataAccessorArn -> (string) - * [AWS CLI 2.27.42 Command Reference](../../index.html) » + * [AWS CLI 2.27.45 Command Reference](../../index.html) »