AWS rolesanywhere documentation change
Summary
Added notes clarifying ML-DSA private key limitations in credential helper and updated SDK documentation URLs
Security assessment
The changes document cryptographic algorithm support (ML-DSA limitations) which relates to security features, but there's no evidence of addressing a specific vulnerability. The notes clarify supported key types for secure authentication processes.
Diff
diff --git a/rolesanywhere/latest/userguide/credential-helper.md b/rolesanywhere/latest/userguide/credential-helper.md index 033419c50..59a2ceb74 100644 --- a//rolesanywhere/latest/userguide/credential-helper.md +++ b//rolesanywhere/latest/userguide/credential-helper.md @@ -330,0 +331,4 @@ Not required when using `--cert-selector` as the private key is inferred from th +###### Note + +ML-DSA private keys are not supported in the credential helper. + @@ -399,0 +404,4 @@ An identifier for the role session. Please see [The relationship between CreateS +###### Note + +ML-DSA private keys and certificates are not supported by the credential helper. However, certificates using RSA or ECDSA keys that are signed by a CA using ML-DSA (ML-DSA-44, ML-DSA-65, ML-DSA-87) is currently supported. + @@ -443 +451 @@ The following example shows a the `config` file that sets the helper tool as the -For using this profile with any AWS SDK not mentioned below, see 'Set a named profile' from [Using shared config and credentials files to globally configure AWS SDKs and tools](https://docs.aws.amazon.com/sdkref/latest/guide/file-format.html) +For using this profile with any AWS SDK not mentioned below, see 'Set a named profile' from [Using shared config and credentials files to globally configure AWS SDKs and tools](https://docs.aws.amazon.com//sdkref/latest/guide/file-format.html) @@ -451 +459 @@ To specify your Roles Anywhere enabled profile for use with Python, see [Boto3: -To specify your Roles Anywhere enabled profile for use with Java, see [Java 2.x: Use profiles](https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/credentials-profiles.html) +To specify your Roles Anywhere enabled profile for use with Java, see [Java 2.x: Use profiles](https://docs.aws.amazon.com//sdk-for-java/latest/developer-guide/credentials-profiles.html) @@ -455 +463 @@ To specify your Roles Anywhere enabled profile for use with Java, see [Java 2.x: -To specify your Roles Anywhere enabled profile for use with C#, see [Examples for classes SharedCredentialsFile and AWSCredentialsFactory](https://docs.aws.amazon.com/sdk-for-net/v3/developer-guide/creds-locate.html#creds-locate-cred-shared-file) +To specify your Roles Anywhere enabled profile for use with C#, see [Examples for classes SharedCredentialsFile and AWSCredentialsFactory](https://docs.aws.amazon.com//sdk-for-net/v3/developer-guide/creds-locate.html#creds-locate-cred-shared-file) @@ -459 +467 @@ To specify your Roles Anywhere enabled profile for use with C#, see [Examples fo -To specify your IAM Roles Anywhere enabled profile for use with Go, see the Specifying Profiles section in [Specifying Credentials](https://docs.aws.amazon.com/sdk-for-go/v2/developer-guide/configure-gosdk.html#specifying-credentials) +To specify your IAM Roles Anywhere enabled profile for use with Go, see the Specifying Profiles section in [Specifying Credentials](https://docs.aws.amazon.com//sdk-for-go/v2/developer-guide/configure-gosdk.html#specifying-credentials) @@ -666 +674 @@ If you updated the default profile, you don't need to specify the profile: -To specify your Roles Anywhere enabled profile for use with JavaScript, see [Loading Credentials in Node.js from the Shared Credentials File](https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/loading-node-credentials-shared.html) +To specify your Roles Anywhere enabled profile for use with JavaScript, see [Loading Credentials in Node.js from the Shared Credentials File](https://docs.aws.amazon.com//sdk-for-javascript/v2/developer-guide/loading-node-credentials-shared.html)