AWS cli documentation change
Summary
Added JWT validation configuration details and clarified routing/target group rules for ALB/HTTPS listeners
Security assessment
Added documentation for JWT validation configuration (authenticate-oidc, authenticate-cognito, jwt-validation) which are security-related authentication features for HTTPS listeners. However, there's no indication this addresses a specific vulnerability.
Diff
diff --git a/cli/latest/reference/elbv2/set-rule-priorities.md b/cli/latest/reference/elbv2/set-rule-priorities.md index 07ac7dc9b..d2b782adc 100644 --- a//cli/latest/reference/elbv2/set-rule-priorities.md +++ b//cli/latest/reference/elbv2/set-rule-priorities.md @@ -15 +15 @@ - * [AWS CLI 2.31.32 Command Reference](../../index.html) » + * [AWS CLI 2.31.35 Command Reference](../../index.html) » @@ -477 +477,3 @@ Rules -> (list) ->>>> Each rule must include exactly one of the following types of actions: `forward` , `fixed-response` , or `redirect` , and it must be the last action to be performed. +>>>> Each rule must include exactly one of the following routing actions: `forward` , `fixed-response` , or `redirect` , and it must be the last action to be performed. +>>>> +>>>> Optionally, a rule for an HTTPS listener can also include one of the following user authentication actions: `authenticate-oidc` , `authenticate-cognito` , or `jwt-validation` . @@ -489,0 +492 @@ Rules -> (list) +>>>>> * `jwt-validation` @@ -495 +498 @@ Rules -> (list) ->>>>> The Amazon Resource Name (ARN) of the target group. Specify only when `Type` is `forward` and you want to route to a single target group. To route to one or more target groups, use `ForwardConfig` instead. +>>>>> The Amazon Resource Name (ARN) of the target group. Specify only when `Type` is `forward` and you want to route to a single target group. To route to multiple target groups, you must use `ForwardConfig` instead. @@ -738 +741,3 @@ Rules -> (list) ->>>>> Information for creating an action that distributes requests among one or more target groups. For Network Load Balancers, you can specify a single target group. Specify only when `Type` is `forward` . If you specify both `ForwardConfig` and `TargetGroupArn` , you can specify only one target group using `ForwardConfig` and it must be the same target group specified in `TargetGroupArn` . +>>>>> Information for creating an action that distributes requests among multiple target groups. Specify only when `Type` is `forward` . +>>>>> +>>>>> If you specify both `ForwardConfig` and `TargetGroupArn` , you can specify only one target group using `ForwardConfig` and it must be the same target group specified in `TargetGroupArn` . @@ -742 +747 @@ Rules -> (list) ->>>>>> The target groups. For Network Load Balancers, you can specify a single target group. +>>>>>> The target groups. @@ -766 +771,45 @@ Rules -> (list) ->>>>>>> The time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days). You must specify this value when enabling target group stickiness. +>>>>>>> [Application Load Balancers] The time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days). You must specify this value when enabling target group stickiness. +>>>> +>>>> JwtValidationConfig -> (structure) +>>>> +>>>>> [HTTPS listeners] Information for validating JWT access tokens in client requests. Specify only when `Type` is `jwt-validation` . +>>>>> +>>>>> JwksEndpoint -> (string) [required] +>>>>> +>>>>>> The JSON Web Key Set (JWKS) endpoint. This endpoint contains JSON Web Keys (JWK) that are used to validate signatures from the provider. +>>>>>> +>>>>>> This must be a full URL, including the HTTPS protocol, the domain, and the path. The maximum length is 256 characters. +>>>>> +>>>>> Issuer -> (string) [required] +>>>>> +>>>>>> The issuer of the JWT. The maximum length is 256 characters. +>>>>> +>>>>> AdditionalClaims -> (list) +>>>>> +>>>>>> Additional claims to validate. The maximum size of the list is 10. We validate the `exp` , `iss` , `nbf` , and `iat` claims by default. +>>>>>> +>>>>>> (structure) +>>>>>> +>>>>>>> Information about an additional claim to validate. +>>>>>>> +>>>>>>> Format -> (string) [required] +>>>>>>> +>>>>>>>> The format of the claim value. +>>>>>>>> +>>>>>>>> Possible values: +>>>>>>>> +>>>>>>>> * `single-string` +>>>>>>>> * `string-array` +>>>>>>>> * `space-separated-values` +>>>>>>>> + +>>>>>>> +>>>>>>> Name -> (string) [required] +>>>>>>> +>>>>>>>> The name of the claim. You can’t specify `exp` , `iss` , `nbf` , or `iat` because we validate them by default. +>>>>>>> +>>>>>>> Values -> (list) [required] +>>>>>>> +>>>>>>>> The claim value. The maximum size of the list is 10. Each value can be up to 256 characters in length. If the format is `space-separated-values` , the values can’t include spaces. +>>>>>>>> +>>>>>>>> (string) @@ -846 +895 @@ Rules -> (list) - * [AWS CLI 2.31.32 Command Reference](../../index.html) » + * [AWS CLI 2.31.35 Command Reference](../../index.html) »