AWS elasticloadbalancing documentation change
Summary
Added JWT validation options to listener rule configuration
Security assessment
Introduces documentation for new JWT validation features that enhance security but doesn't indicate a specific vulnerability being addressed.
Diff
diff --git a/elasticloadbalancing/latest/application/add-rule.md b/elasticloadbalancing/latest/application/add-rule.md index 70a4f949b..a132cd2a6 100644 --- a//elasticloadbalancing/latest/application/add-rule.md +++ b//elasticloadbalancing/latest/application/add-rule.md @@ -75 +75 @@ Regex matching – Maximum 128 characters. - 9. (Optional) To add an authentication rule to an HTTPS listener, choose **Actions** , **Authenticate users** , chose an identity provider, and provide the required information. For more information, see [Authenticate users using an Application Load Balancer](./listener-authenticate-users.html). + 9. (Optional, HTTPS listeners only) For **Pre-routing action** , select one of the following actions: @@ -77 +77,5 @@ Regex matching – Maximum 128 characters. - 10. For **Actions** , **Routing action** , select one of the following routing actions and provide the required information: + * **Authenticate user** – Choose an identity provider and provide the required information. For more information, see [Authenticate users using an Application Load Balancer](./listener-authenticate-users.html). + + * **Validate token** – Enter the JWKS endpoint, issues, and any additional claims. For more information, see [Verify JWTs using an Application Load Balancer](./listener-verify-jwt.html). + + 10. For **Routing action** , select one of the following actions: