AWS Security ChangesHomeSearch

AWS appstream2 documentation change

Service: appstream2 · 2025-11-07 · Documentation low

File: appstream2/latest/developerguide/application-entitlements-saml.md

Summary

Updated product name references from 'AppStream 2.0' to 'WorkSpaces Applications' throughout the document, including links and terminology. No functional changes to security mechanisms.

Security assessment

The changes are purely branding/terminology updates (AppStream 2.0 → WorkSpaces Applications) without modifying security controls or addressing vulnerabilities. The SAML 2.0 integration process, IAM role requirements (sts:TagSession), and entitlement logic remain unchanged. No evidence of security vulnerability fixes or new security features added.

Diff

diff --git a/appstream2/latest/developerguide/application-entitlements-saml.md b/appstream2/latest/developerguide/application-entitlements-saml.md
index 3d8c48e81..309883d8a 100644
--- a//appstream2/latest/developerguide/application-entitlements-saml.md
+++ b//appstream2/latest/developerguide/application-entitlements-saml.md
@@ -3 +3 @@
-[Documentation](/index.html)[Amazon AppStream 2.0](/appstream2/index.html)[Administration Guide](what-is-appstream.html)
+[Documentation](/index.html)[Amazon WorkSpaces Applications](/appstream2/index.html)[Administration Guide](what-is-appstream.html)
@@ -9 +9 @@ Create Application EntitlementsSAML 2.0 Multi-Stack Application Catalog
-Application entitlements control access to specific applications within your AppStream 2.0 stacks. This works by using SAML 2.0 attribute assertions from a third-party SAML 2.0 identity provider. The assertion is matched to a value when a user identity federates to an AppStream 2.0 2.0 SAML application. If the entitlement is true, and the attribute name and value match, access is entitled for the user identity to one or more applications within the stack.
+Application entitlements control access to specific applications within your WorkSpaces Applications stacks. This works by using SAML 2.0 attribute assertions from a third-party SAML 2.0 identity provider. The assertion is matched to a value when a user identity federates to an WorkSpaces Applications 2.0 SAML application. If the entitlement is true, and the attribute name and value match, access is entitled for the user identity to one or more applications within the stack.
@@ -13 +13 @@ Attribute-based application entitlements using a third-party SAML 2.0 identity p
-  * AppStream 2.0 user pool authentication. For more information, see [Amazon AppStream 2.0 User Pools](./user-pool.html).
+  * WorkSpaces Applications user pool authentication. For more information, see [Amazon WorkSpaces Applications User Pools](./user-pool.html).
@@ -15 +15 @@ Attribute-based application entitlements using a third-party SAML 2.0 identity p
-  * AppStream 2.0 streaming URL authentication. For more information, see [Streaming URL](./use-client-start-streaming-session-streaming-URL.html).
+  * WorkSpaces Applications streaming URL authentication. For more information, see [Streaming URL](./use-client-start-streaming-session-streaming-URL.html).
@@ -17 +17 @@ Attribute-based application entitlements using a third-party SAML 2.0 identity p
-  * The desktop application when AppStream 2.0 fleets are configured for **Desktop Stream view**. For more information, see [Create an Amazon AppStream 2.0 Fleet and Stack](./set-up-stacks-fleets.html).
+  * The desktop application when WorkSpaces Applications fleets are configured for **Desktop Stream view**. For more information, see [Create an Amazon WorkSpaces Applications Fleet and Stack](./set-up-stacks-fleets.html).
@@ -21 +21 @@ Attribute-based application entitlements using a third-party SAML 2.0 identity p
-  * When users federate to the AppStream 2.0 application catalog, application entitlements will only display the applications the user is entitled to. Applications are not restricted from running within the AppStream 2.0 session. For example, in a fleet configured for Desktop Stream view, a user can launch an application directly from the desktop.
+  * When users federate to the WorkSpaces Applications application catalog, application entitlements will only display the applications the user is entitled to. Applications are not restricted from running within the WorkSpaces Applications session. For example, in a fleet configured for Desktop Stream view, a user can launch an application directly from the desktop.
@@ -30 +30 @@ Before you create application entitlements, you must do the following:
-  * Create an AppStream 2.0 fleet and stack with an image containing one or more applications (Always-On or On-Demand fleet) or assigned applications (Elastic fleet) that will meet your needs. For more information, see [Create an Amazon AppStream 2.0 Fleet and Stack](./set-up-stacks-fleets.html).
+  * Create an WorkSpaces Applications fleet and stack with an image containing one or more applications (Always-On or On-Demand fleet) or assigned applications (Elastic fleet) that will meet your needs. For more information, see [Create an Amazon WorkSpaces Applications Fleet and Stack](./set-up-stacks-fleets.html).
@@ -32 +32 @@ Before you create application entitlements, you must do the following:
-  * Provide user access to the stack using a third-party SAML 2.0 identity provider. For more information, see [Amazon AppStream 2.0 Integration with SAML 2.0](./external-identity-providers.html). If you are using an existing SAML 2.0 identity provider that you setup previously, see [Step 2: Create a SAML 2.0 Federation IAM Role](./external-identity-providers-setting-up-saml.html#external-identity-providers-grantperms) for the steps to add the sts:TagSession permission to your IAM role trust policy. For more information, see [Passing session tags in AWS STS](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html). This permission is required to use application entitlements.
+  * Provide user access to the stack using a third-party SAML 2.0 identity provider. For more information, see [Amazon WorkSpaces Applications Integration with SAML 2.0](./external-identity-providers.html). If you are using an existing SAML 2.0 identity provider that you setup previously, see [Step 2: Create a SAML 2.0 Federation IAM Role](./external-identity-providers-setting-up-saml.html#external-identity-providers-grantperms) for the steps to add the sts:TagSession permission to your IAM role trust policy. For more information, see [Passing session tags in AWS STS](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html). This permission is required to use application entitlements.
@@ -39 +39 @@ Before you create application entitlements, you must do the following:
-  1. [Open the AppStream 2.0 console](./managing-image-builders-connect-console.html).
+  1. [Open the WorkSpaces Applications console](./managing-image-builders-connect-console.html).
@@ -65 +65 @@ When mapping attributes, specify the attribute in the format https://aws.amazon.
-The attributes that you defined are used to entitle applications in your stack to a user when they federate into an AppStream 2.0 session. Entitlement works by matching the attribute name to a key value name in the SAML assertion created during federation. For more information, see [SAML PrincipalTag Attribute](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml_assertions.html#saml_role-session-tags.html).
+The attributes that you defined are used to entitle applications in your stack to a user when they federate into an WorkSpaces Applications session. Entitlement works by matching the attribute name to a key value name in the SAML assertion created during federation. For more information, see [SAML PrincipalTag Attribute](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml_assertions.html#saml_role-session-tags.html).
@@ -77 +77 @@ For example, groups information can be passed in a SAML attribute name https://a
-  8. In your SAML 2.0 identity provider, configure your AppStream 2.0 SAML application attribute mappings to send the attribute and value defined in your entitlement. When users federate to the AppStream 2.0 application catalog, application entitlements will only display the applications the user is entitled to.
+  8. In your SAML 2.0 identity provider, configure your WorkSpaces Applications SAML application attribute mappings to send the attribute and value defined in your entitlement. When users federate to the WorkSpaces Applications application catalog, application entitlements will only display the applications the user is entitled to.
@@ -89 +89 @@ With attribute-based application entitlements using a third-party SAML 2.0 ident
-When users federate to the AppStream 2.0 application catalog, they will be presented with all of the stacks where application entitlements have matched one or more applications to the user for the account ID and relay state endpoint associated with the Region in which your stacks are located. When a user selects a catalog, application entitlements will only display the applications the user is entitled to. For more information, see [Step 6: Configure the Relay State of Your Federation](./external-identity-providers-setting-up-saml.html#external-identity-providers-relay-state).
+When users federate to the WorkSpaces Applications application catalog, they will be presented with all of the stacks where application entitlements have matched one or more applications to the user for the account ID and relay state endpoint associated with the Region in which your stacks are located. When a user selects a catalog, application entitlements will only display the applications the user is entitled to. For more information, see [Step 6: Configure the Relay State of Your Federation](./external-identity-providers-setting-up-saml.html#external-identity-providers-relay-state).