AWS Security ChangesHomeSearch

AWS code-library documentation change

Service: code-library · 2025-06-28 · Documentation medium

File: code-library/latest/ug/sts_example_sts_AssumeRoleWithWebIdentity_section.md

Summary

Added PowerShell V5 example for Use-STSWebIdentityRole with web identity federation

Security assessment

The example documents secure authentication via web identity tokens and temporary credentials, which is a core security feature. However, there is no evidence of addressing a specific vulnerability.

Diff

diff --git a/code-library/latest/ug/sts_example_sts_AssumeRoleWithWebIdentity_section.md b/code-library/latest/ug/sts_example_sts_AssumeRoleWithWebIdentity_section.md
index 9e1e8e2bb..e5ae88279 100644
--- a//code-library/latest/ug/sts_example_sts_AssumeRoleWithWebIdentity_section.md
+++ b//code-library/latest/ug/sts_example_sts_AssumeRoleWithWebIdentity_section.md
@@ -73,0 +74,14 @@ PowerShell
+**Tools for PowerShell V5**
+    
+
+**Example 1: Returns a temporary set of credentials, valid for one hour, for a user who has been authenticated with the Login with Amazon identity provider. The credentials assume the access policy associated with the role identified by the role ARN. Optionally, you can pass a JSON policy to the -Policy parameter that further refine the access permissions (you cannot grant more permissions than are available in the permissions associated with the role). The value supplied to the -WebIdentityToken is the unique user identifier that was returned by the identity provider.**
+    
+    
+    Use-STSWebIdentityRole -DurationInSeconds 3600 -ProviderId "www.amazon.com" -RoleSessionName "app1" -RoleArn "arn:aws:iam::123456789012:role/FederatedWebIdentityRole" -WebIdentityToken "Atza...DVI0r1"
+    
+
+  * For API details, see [AssumeRoleWithWebIdentity](https://docs.aws.amazon.com/powershell/v5/reference) in _AWS Tools for PowerShell Cmdlet Reference (V5)_. 
+
+
+
+