AWS Security ChangesHomeSearch

AWS cli documentation change

Service: cli · 2025-11-13 · Documentation medium

File: cli/latest/reference/sts/assume-role-with-saml.md

Summary

Added note about IAM Identity Center managed roles incompatibility and updated CLI version

Security assessment

The added note clarifies security-related behavior (incompatibility with specific roles) but does not address a specific vulnerability. It improves documentation about secure role assumption limitations.

Diff

diff --git a/cli/latest/reference/sts/assume-role-with-saml.md b/cli/latest/reference/sts/assume-role-with-saml.md
index 73835a9c1..6d6db9b15 100644
--- a//cli/latest/reference/sts/assume-role-with-saml.md
+++ b//cli/latest/reference/sts/assume-role-with-saml.md
@@ -15 +15 @@
-  * [AWS CLI 2.31.32 Command Reference](../../index.html) »
+  * [AWS CLI 2.31.35 Command Reference](../../index.html) »
@@ -64 +64,5 @@ The temporary security credentials returned by this operation consist of an acce
-> **Session Duration**
+### Note
+
+> AssumeRoleWithSAML will not work on IAM Identity Center managed roles. These roles’ names start with `AWSReservedSSO_` .
+
+**Session Duration**
@@ -543 +547 @@ SourceIdentity -> (string)
-  * [AWS CLI 2.31.32 Command Reference](../../index.html) »
+  * [AWS CLI 2.31.35 Command Reference](../../index.html) »