AWS Security ChangesHomeSearch

AWS mwaa documentation change

Service: mwaa · 2025-10-13 · Documentation low

File: mwaa/latest/userguide/access-mwaa-apache-airflow-rest-api.md

Summary

Updated REST API authentication code example: changed login URL path, cookie name, and function name.

Security assessment

The changes appear to reflect updates to authentication flow implementation (e.g., using 'session' cookies instead of '_token'), but there is no explicit evidence of a security vulnerability being addressed. This is likely a routine update to align with backend changes.

Diff

diff --git a/mwaa/latest/userguide/access-mwaa-apache-airflow-rest-api.md b/mwaa/latest/userguide/access-mwaa-apache-airflow-rest-api.md
index a69f2bf7b..8a22c701e 100644
--- a//mwaa/latest/userguide/access-mwaa-apache-airflow-rest-api.md
+++ b//mwaa/latest/userguide/access-mwaa-apache-airflow-rest-api.md
@@ -229 +229 @@ Apache Airflow v2
-    def get_token_info(region, env_name):
+    def get_session_info(region, env_name):
@@ -242 +242 @@ Apache Airflow v2
-        login_url = f"https://{web_server_host_name}/pluginsv2/aws_mwaa/login"
+          login_url = f"https://{web_server_host_name}/aws_mwaa/login"
@@ -252 +252 @@ Apache Airflow v2
-        # Check if login was successful
+          # Check if login was succesfull 
@@ -258 +258 @@ Apache Airflow v2
-          response.cookies['_token']
+                  response.cookies["session"]