AWS Security ChangesHomeSearch

AWS singlesignon documentation change

Service: singlesignon · 2025-11-10 · Documentation low

File: singlesignon/latest/IdentityStoreAPIReference/API_ListGroupMemberships.md

Summary

Added documentation about member account access, new response fields (CreatedAt, CreatedBy, UpdatedAt, UpdatedBy), and KMS-related error reason explanations

Security assessment

The change adds documentation about limiting access from member accounts and clarifies KMS-related error handling. While these relate to security practices, there's no evidence of addressing a specific vulnerability. The updates improve security documentation by explaining access controls and encryption key management interactions.

Diff

diff --git a/singlesignon/latest/IdentityStoreAPIReference/API_ListGroupMemberships.md b/singlesignon/latest/IdentityStoreAPIReference/API_ListGroupMemberships.md
index 18205e263..0e414dc19 100644
--- a//singlesignon/latest/IdentityStoreAPIReference/API_ListGroupMemberships.md
+++ b//singlesignon/latest/IdentityStoreAPIReference/API_ListGroupMemberships.md
@@ -8,0 +9,6 @@ Request SyntaxRequest ParametersResponse SyntaxResponse ElementsErrorsExamplesSe
+For the specified group in the specified identity store, returns the list of all ` GroupMembership` objects and returns results in paginated form.
+
+###### Note
+
+If you have access to a member account, you can use this API operation from the member account. For more information, see [Limiting access to the identity store from member accounts](https://docs.aws.amazon.com/singlesignon/latest/userguide/manage-your-accounts.html#limiting-access-from-member-accounts) in the _AWS IAM Identity Center User Guide_.
+
@@ -80,0 +87,2 @@ Required: No
+             "[CreatedAt](./API_GroupMembership.html#singlesignon-Type-GroupMembership-CreatedAt)": **_number_** ,
+             "[CreatedBy](./API_GroupMembership.html#singlesignon-Type-GroupMembership-CreatedBy)": "**_string_** ",
@@ -84 +92,3 @@ Required: No
-             "[MembershipId](./API_GroupMembership.html#singlesignon-Type-GroupMembership-MembershipId)": "**_string_** "
+             "[MembershipId](./API_GroupMembership.html#singlesignon-Type-GroupMembership-MembershipId)": "**_string_** ",
+             "[UpdatedAt](./API_GroupMembership.html#singlesignon-Type-GroupMembership-UpdatedAt)": **_number_** ,
+             "[UpdatedBy](./API_GroupMembership.html#singlesignon-Type-GroupMembership-UpdatedBy)": "**_string_** "
@@ -122,0 +133,5 @@ You do not have sufficient access to perform this action.
+**Reason**
+    
+
+Indicates the reason for an access denial when returned by KMS while accessing a Customer Managed KMS key. For non-KMS access-denied errors, this field is not included.
+
@@ -151,0 +167,5 @@ Indicates that a requested resource is not found.
+**Reason**
+    
+
+Indicates the reason for a resource not found error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.
+
@@ -173,0 +194,5 @@ Indicates that the principal has crossed the throttling limits of the API operat
+**Reason**
+    
+
+Indicates the reason for the throttling error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.
+
@@ -190,0 +216,5 @@ The request failed because it contains a syntax error.
+**Reason**
+    
+
+Indicates the reason for the validation error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.
+