AWS cli documentation change
Summary
Added Application Load Balancer specificity to stickiness duration documentation
Security assessment
Clarification of existing feature behavior rather than security-related change
Diff
diff --git a/cli/latest/reference/elbv2/create-listener.md b/cli/latest/reference/elbv2/create-listener.md index d0b22484f..30effbb6c 100644 --- a//cli/latest/reference/elbv2/create-listener.md +++ b//cli/latest/reference/elbv2/create-listener.md @@ -15 +15 @@ - * [AWS CLI 2.31.32 Command Reference](../../index.html) » + * [AWS CLI 2.31.35 Command Reference](../../index.html) » @@ -190 +190,3 @@ JSON Syntax: ->> Each rule must include exactly one of the following types of actions: `forward` , `fixed-response` , or `redirect` , and it must be the last action to be performed. +>> Each rule must include exactly one of the following routing actions: `forward` , `fixed-response` , or `redirect` , and it must be the last action to be performed. +>> +>> Optionally, a rule for an HTTPS listener can also include one of the following user authentication actions: `authenticate-oidc` , `authenticate-cognito` , or `jwt-validation` . @@ -202,0 +205 @@ JSON Syntax: +>>> * `jwt-validation` @@ -208 +211 @@ JSON Syntax: ->>> The Amazon Resource Name (ARN) of the target group. Specify only when `Type` is `forward` and you want to route to a single target group. To route to one or more target groups, use `ForwardConfig` instead. +>>> The Amazon Resource Name (ARN) of the target group. Specify only when `Type` is `forward` and you want to route to a single target group. To route to multiple target groups, you must use `ForwardConfig` instead. @@ -451 +454,3 @@ JSON Syntax: ->>> Information for creating an action that distributes requests among one or more target groups. For Network Load Balancers, you can specify a single target group. Specify only when `Type` is `forward` . If you specify both `ForwardConfig` and `TargetGroupArn` , you can specify only one target group using `ForwardConfig` and it must be the same target group specified in `TargetGroupArn` . +>>> Information for creating an action that distributes requests among multiple target groups. Specify only when `Type` is `forward` . +>>> +>>> If you specify both `ForwardConfig` and `TargetGroupArn` , you can specify only one target group using `ForwardConfig` and it must be the same target group specified in `TargetGroupArn` . @@ -455 +460 @@ JSON Syntax: ->>>> The target groups. For Network Load Balancers, you can specify a single target group. +>>>> The target groups. @@ -479 +484,45 @@ JSON Syntax: ->>>>> The time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days). You must specify this value when enabling target group stickiness. +>>>>> [Application Load Balancers] The time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days). You must specify this value when enabling target group stickiness. +>> +>> JwtValidationConfig -> (structure) +>> +>>> [HTTPS listeners] Information for validating JWT access tokens in client requests. Specify only when `Type` is `jwt-validation` . +>>> +>>> JwksEndpoint -> (string) [required] +>>> +>>>> The JSON Web Key Set (JWKS) endpoint. This endpoint contains JSON Web Keys (JWK) that are used to validate signatures from the provider. +>>>> +>>>> This must be a full URL, including the HTTPS protocol, the domain, and the path. The maximum length is 256 characters. +>>> +>>> Issuer -> (string) [required] +>>> +>>>> The issuer of the JWT. The maximum length is 256 characters. +>>> +>>> AdditionalClaims -> (list) +>>> +>>>> Additional claims to validate. The maximum size of the list is 10. We validate the `exp` , `iss` , `nbf` , and `iat` claims by default. +>>>> +>>>> (structure) +>>>> +>>>>> Information about an additional claim to validate. +>>>>> +>>>>> Format -> (string) [required] +>>>>> +>>>>>> The format of the claim value. +>>>>>> +>>>>>> Possible values: +>>>>>> +>>>>>> * `single-string` +>>>>>> * `string-array` +>>>>>> * `space-separated-values` +>>>>>> + +>>>>> +>>>>> Name -> (string) [required] +>>>>> +>>>>>> The name of the claim. You can’t specify `exp` , `iss` , `nbf` , or `iat` because we validate them by default. +>>>>> +>>>>> Values -> (list) [required] +>>>>> +>>>>>> The claim value. The maximum size of the list is 10. Each value can be up to 256 characters in length. If the format is `space-separated-values` , the values can’t include spaces. +>>>>>> +>>>>>> (string) @@ -486 +535 @@ JSON Syntax: - "Type": "forward"|"authenticate-oidc"|"authenticate-cognito"|"redirect"|"fixed-response", + "Type": "forward"|"authenticate-oidc"|"authenticate-cognito"|"redirect"|"fixed-response"|"jwt-validation", @@ -539,0 +589,12 @@ JSON Syntax: + }, + "JwtValidationConfig": { + "JwksEndpoint": "string", + "Issuer": "string", + "AdditionalClaims": [ + { + "Format": "single-string"|"string-array"|"space-separated-values", + "Name": "string", + "Values": ["string", ...] + } + ... + ] @@ -970 +1031,3 @@ Listeners -> (list) ->>>> Each rule must include exactly one of the following types of actions: `forward` , `fixed-response` , or `redirect` , and it must be the last action to be performed. +>>>> Each rule must include exactly one of the following routing actions: `forward` , `fixed-response` , or `redirect` , and it must be the last action to be performed. +>>>> +>>>> Optionally, a rule for an HTTPS listener can also include one of the following user authentication actions: `authenticate-oidc` , `authenticate-cognito` , or `jwt-validation` . @@ -982,0 +1046 @@ Listeners -> (list) +>>>>> * `jwt-validation` @@ -988 +1052 @@ Listeners -> (list) ->>>>> The Amazon Resource Name (ARN) of the target group. Specify only when `Type` is `forward` and you want to route to a single target group. To route to one or more target groups, use `ForwardConfig` instead. +>>>>> The Amazon Resource Name (ARN) of the target group. Specify only when `Type` is `forward` and you want to route to a single target group. To route to multiple target groups, you must use `ForwardConfig` instead. @@ -1231 +1295,3 @@ Listeners -> (list) ->>>>> Information for creating an action that distributes requests among one or more target groups. For Network Load Balancers, you can specify a single target group. Specify only when `Type` is `forward` . If you specify both `ForwardConfig` and `TargetGroupArn` , you can specify only one target group using `ForwardConfig` and it must be the same target group specified in `TargetGroupArn` . +>>>>> Information for creating an action that distributes requests among multiple target groups. Specify only when `Type` is `forward` . +>>>>> +>>>>> If you specify both `ForwardConfig` and `TargetGroupArn` , you can specify only one target group using `ForwardConfig` and it must be the same target group specified in `TargetGroupArn` . @@ -1235 +1301 @@ Listeners -> (list) ->>>>>> The target groups. For Network Load Balancers, you can specify a single target group. +>>>>>> The target groups. @@ -1259 +1325,45 @@ Listeners -> (list) ->>>>>>> The time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days). You must specify this value when enabling target group stickiness. +>>>>>>> [Application Load Balancers] The time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days). You must specify this value when enabling target group stickiness. +>>>> +>>>> JwtValidationConfig -> (structure) +>>>> +>>>>> [HTTPS listeners] Information for validating JWT access tokens in client requests. Specify only when `Type` is `jwt-validation` . +>>>>> +>>>>> JwksEndpoint -> (string) [required] +>>>>> +>>>>>> The JSON Web Key Set (JWKS) endpoint. This endpoint contains JSON Web Keys (JWK) that are used to validate signatures from the provider. +>>>>>> +>>>>>> This must be a full URL, including the HTTPS protocol, the domain, and the path. The maximum length is 256 characters. +>>>>> +>>>>> Issuer -> (string) [required] +>>>>> +>>>>>> The issuer of the JWT. The maximum length is 256 characters. +>>>>> +>>>>> AdditionalClaims -> (list) +>>>>> +>>>>>> Additional claims to validate. The maximum size of the list is 10. We validate the `exp` , `iss` , `nbf` , and `iat` claims by default. +>>>>>> +>>>>>> (structure) +>>>>>> +>>>>>>> Information about an additional claim to validate. +>>>>>>> +>>>>>>> Format -> (string) [required] +>>>>>>> +>>>>>>>> The format of the claim value. +>>>>>>>> +>>>>>>>> Possible values: +>>>>>>>> +>>>>>>>> * `single-string` +>>>>>>>> * `string-array` +>>>>>>>> * `space-separated-values` +>>>>>>>> + +>>>>>>> +>>>>>>> Name -> (string) [required] +>>>>>>> +>>>>>>>> The name of the claim. You can’t specify `exp` , `iss` , `nbf` , or `iat` because we validate them by default. +>>>>>>> +>>>>>>> Values -> (list) [required] +>>>>>>> +>>>>>>>> The claim value. The maximum size of the list is 10. Each value can be up to 256 characters in length. If the format is `space-separated-values` , the values can’t include spaces. +>>>>>>>> +>>>>>>>> (string) @@ -1315 +1425 @@ Listeners -> (list) - * [AWS CLI 2.31.32 Command Reference](../../index.html) » + * [AWS CLI 2.31.35 Command Reference](../../index.html) »