AWS cli documentation change
Summary
Updated documentation for ELBv2 rules to add JWT validation configuration details and clarify routing action requirements
Security assessment
The change adds detailed documentation about JWT validation configuration for HTTPS listeners, including parameters like JwksEndpoint, Issuer, and AdditionalClaims validation. While this documents security-related authentication features (JWT validation), there is no indication this addresses a specific security vulnerability. The changes appear to be feature documentation rather than patching a security issue.
Diff
diff --git a/cli/latest/reference/elbv2/describe-rules.md b/cli/latest/reference/elbv2/describe-rules.md index 13072aebb..edf44867b 100644 --- a//cli/latest/reference/elbv2/describe-rules.md +++ b//cli/latest/reference/elbv2/describe-rules.md @@ -15 +15 @@ - * [AWS CLI 2.31.32 Command Reference](../../index.html) » + * [AWS CLI 2.31.35 Command Reference](../../index.html) » @@ -60 +60 @@ First time using the AWS CLI? See the [User Guide](https://docs.aws.amazon.com/c -Describes the specified rules or the rules for the specified listener. You must specify either a listener or one or more rules. +Describes the specified rules or the rules for the specified listener. You must specify either a listener or rules. @@ -454 +454,3 @@ Rules -> (list) ->>>> Each rule must include exactly one of the following types of actions: `forward` , `fixed-response` , or `redirect` , and it must be the last action to be performed. +>>>> Each rule must include exactly one of the following routing actions: `forward` , `fixed-response` , or `redirect` , and it must be the last action to be performed. +>>>> +>>>> Optionally, a rule for an HTTPS listener can also include one of the following user authentication actions: `authenticate-oidc` , `authenticate-cognito` , or `jwt-validation` . @@ -466,0 +469 @@ Rules -> (list) +>>>>> * `jwt-validation` @@ -472 +475 @@ Rules -> (list) ->>>>> The Amazon Resource Name (ARN) of the target group. Specify only when `Type` is `forward` and you want to route to a single target group. To route to one or more target groups, use `ForwardConfig` instead. +>>>>> The Amazon Resource Name (ARN) of the target group. Specify only when `Type` is `forward` and you want to route to a single target group. To route to multiple target groups, you must use `ForwardConfig` instead. @@ -715 +718,3 @@ Rules -> (list) ->>>>> Information for creating an action that distributes requests among one or more target groups. For Network Load Balancers, you can specify a single target group. Specify only when `Type` is `forward` . If you specify both `ForwardConfig` and `TargetGroupArn` , you can specify only one target group using `ForwardConfig` and it must be the same target group specified in `TargetGroupArn` . +>>>>> Information for creating an action that distributes requests among multiple target groups. Specify only when `Type` is `forward` . +>>>>> +>>>>> If you specify both `ForwardConfig` and `TargetGroupArn` , you can specify only one target group using `ForwardConfig` and it must be the same target group specified in `TargetGroupArn` . @@ -719 +724 @@ Rules -> (list) ->>>>>> The target groups. For Network Load Balancers, you can specify a single target group. +>>>>>> The target groups. @@ -743 +748,45 @@ Rules -> (list) ->>>>>>> The time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days). You must specify this value when enabling target group stickiness. +>>>>>>> [Application Load Balancers] The time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days). You must specify this value when enabling target group stickiness. +>>>> +>>>> JwtValidationConfig -> (structure) +>>>> +>>>>> [HTTPS listeners] Information for validating JWT access tokens in client requests. Specify only when `Type` is `jwt-validation` . +>>>>> +>>>>> JwksEndpoint -> (string) [required] +>>>>> +>>>>>> The JSON Web Key Set (JWKS) endpoint. This endpoint contains JSON Web Keys (JWK) that are used to validate signatures from the provider. +>>>>>> +>>>>>> This must be a full URL, including the HTTPS protocol, the domain, and the path. The maximum length is 256 characters. +>>>>> +>>>>> Issuer -> (string) [required] +>>>>> +>>>>>> The issuer of the JWT. The maximum length is 256 characters. +>>>>> +>>>>> AdditionalClaims -> (list) +>>>>> +>>>>>> Additional claims to validate. The maximum size of the list is 10. We validate the `exp` , `iss` , `nbf` , and `iat` claims by default. +>>>>>> +>>>>>> (structure) +>>>>>> +>>>>>>> Information about an additional claim to validate. +>>>>>>> +>>>>>>> Format -> (string) [required] +>>>>>>> +>>>>>>>> The format of the claim value. +>>>>>>>> +>>>>>>>> Possible values: +>>>>>>>> +>>>>>>>> * `single-string` +>>>>>>>> * `string-array` +>>>>>>>> * `space-separated-values` +>>>>>>>> + +>>>>>>> +>>>>>>> Name -> (string) [required] +>>>>>>> +>>>>>>>> The name of the claim. You can’t specify `exp` , `iss` , `nbf` , or `iat` because we validate them by default. +>>>>>>> +>>>>>>> Values -> (list) [required] +>>>>>>> +>>>>>>>> The claim value. The maximum size of the list is 10. Each value can be up to 256 characters in length. If the format is `space-separated-values` , the values can’t include spaces. +>>>>>>>> +>>>>>>>> (string) @@ -827 +876 @@ NextMarker -> (string) - * [AWS CLI 2.31.32 Command Reference](../../index.html) » + * [AWS CLI 2.31.35 Command Reference](../../index.html) »