AWS Security ChangesHomeSearch

AWS singlesignon medium security documentation change

Service: singlesignon · 2025-11-10 · Security-related medium

File: singlesignon/latest/IdentityStoreAPIReference/API_DescribeGroup.md

Summary

Added audit fields (CreatedAt/CreatedBy/UpdatedAt/UpdatedBy), member account access note, and KMS-related error reason documentation

Security assessment

Added audit trail fields improve security visibility. KMS-specific error reasons document encryption key access issues. Member account guidance relates to access control security practices.

Diff

diff --git a/singlesignon/latest/IdentityStoreAPIReference/API_DescribeGroup.md b/singlesignon/latest/IdentityStoreAPIReference/API_DescribeGroup.md
index 649ff9f3b..decbc1c18 100644
--- a//singlesignon/latest/IdentityStoreAPIReference/API_DescribeGroup.md
+++ b//singlesignon/latest/IdentityStoreAPIReference/API_DescribeGroup.md
@@ -8,0 +9,6 @@ Request SyntaxRequest ParametersResponse SyntaxResponse ElementsErrorsExamplesSe
+Retrieves the group metadata and attributes from `GroupId` in an identity store.
+
+###### Note
+
+If you have access to a member account, you can use this API operation from the member account. For more information, see [Limiting access to the identity store from member accounts](https://docs.aws.amazon.com/singlesignon/latest/userguide/manage-your-accounts.html#limiting-access-from-member-accounts) in the _AWS IAM Identity Center User Guide_.
+
@@ -52,0 +59,2 @@ Required: Yes
+       "CreatedAt": **_number_** ,
+       "CreatedBy": "**_string_** ",
@@ -62 +70,3 @@ Required: Yes
-       "IdentityStoreId": "**_string_** "
+       "IdentityStoreId": "**_string_** ",
+       "UpdatedAt": **_number_** ,
+       "UpdatedBy": "**_string_** "
@@ -70,0 +81,14 @@ The following data is returned in JSON format by the service.
+**CreatedAt **
+    
+
+The date and time the group was created.
+
+Type: Timestamp
+
+**CreatedBy **
+    
+
+The identifier of the user or system that created the group.
+
+Type: String
+
@@ -123,0 +148,14 @@ Pattern: `d-[0-9a-f]{10}$|^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a
+**UpdatedAt **
+    
+
+The date and time the group was last updated.
+
+Type: Timestamp
+
+**UpdatedBy **
+    
+
+The identifier of the user or system that last updated the group.
+
+Type: String
+
@@ -132,0 +171,5 @@ You do not have sufficient access to perform this action.
+**Reason**
+    
+
+Indicates the reason for an access denial when returned by KMS while accessing a Customer Managed KMS key. For non-KMS access-denied errors, this field is not included.
+
@@ -161,0 +205,5 @@ Indicates that a requested resource is not found.
+**Reason**
+    
+
+Indicates the reason for a resource not found error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.
+
@@ -183,0 +232,5 @@ Indicates that the principal has crossed the throttling limits of the API operat
+**Reason**
+    
+
+Indicates the reason for the throttling error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.
+
@@ -200,0 +254,5 @@ The request failed because it contains a syntax error.
+**Reason**
+    
+
+Indicates the reason for the validation error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.
+