AWS cli documentation change
Summary
Updated CLI version reference and restructured profile field documentation including constraints reordering, pattern updates, and field description changes
Security assessment
Changes primarily involve documentation restructuring and pattern constraint updates (e.g. removing regex anchors). No explicit security vulnerabilities or weaknesses are addressed. The 'requireInstanceProperties' field note about being unused suggests no immediate security impact. Attribute mapping documentation was moved but not substantively changed.
Diff
diff --git a/cli/latest/reference/rolesanywhere/list-profiles.md b/cli/latest/reference/rolesanywhere/list-profiles.md index 56f5ca507..40fb5061d 100644 --- a//cli/latest/reference/rolesanywhere/list-profiles.md +++ b//cli/latest/reference/rolesanywhere/list-profiles.md @@ -15 +15 @@ - * [AWS CLI 2.32.11 Command Reference](../../index.html) » + * [AWS CLI 2.32.13 Command Reference](../../index.html) » @@ -225,5 +225 @@ profiles -> (list) ->> acceptRoleSessionName -> (boolean) ->> ->>> Used to determine if a custom role session name will be accepted in a temporary credential request. ->> ->> attributeMappings -> (list) +>> profileId -> (string) @@ -231 +227 @@ profiles -> (list) ->>> A mapping applied to the authenticating end-entity certificate. +>>> The unique identifier of the profile. @@ -233 +229,5 @@ profiles -> (list) ->>> (structure) +>>> Constraints: +>>> +>>> * min: `36` +>>> * max: `36` +>>> * pattern: `.*[a-f0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12}.*` @@ -235,31 +234,0 @@ profiles -> (list) ->>>> A mapping applied to the authenticating end-entity certificate. ->>>> ->>>> certificateField -> (string) ->>>> ->>>>> Fields (x509Subject, x509Issuer and x509SAN) within X.509 certificates. ->>>>> ->>>>> Possible values: ->>>>> ->>>>> * `x509Subject` ->>>>> * `x509Issuer` ->>>>> * `x509SAN` ->>>>> - ->>>> ->>>> mappingRules -> (list) ->>>> ->>>>> A list of mapping entries for every supported specifier or sub-field. ->>>>> ->>>>> (structure) ->>>>> ->>>>>> A single mapping entry for each supported specifier or sub-field. ->>>>>> ->>>>>> specifier -> (string) [required] ->>>>>> ->>>>>>> Specifier within a certificate field, such as CN, OU, or UID from the Subject field. ->>>>>>> ->>>>>>> Constraints: ->>>>>>> ->>>>>>> * min: `0` ->>>>>>> * max: `60` ->>>>>>> @@ -268,17 +237 @@ profiles -> (list) ->> createdAt -> (timestamp) ->> ->>> The ISO-8601 timestamp when the profile was created. ->> ->> createdBy -> (string) ->> ->>> The Amazon Web Services account that created the profile. ->> ->> durationSeconds -> (integer) ->> ->>> Used to determine how long sessions vended using this profile are valid for. See the `Expiration` section of the [CreateSession API documentation](https://docs.aws.amazon.com/rolesanywhere/latest/userguide/authentication-create-session.html#credentials-object) page for more details. In requests, if this value is not provided, the default value will be 3600. ->> ->> enabled -> (boolean) ->> ->>> Indicates whether the profile is enabled. ->> ->> managedPolicyArns -> (list) +>> profileArn -> (string) @@ -286 +239 @@ profiles -> (list) ->>> A list of managed policy ARNs that apply to the vended session credentials. +>>> The ARN of the profile. @@ -290,6 +243,3 @@ profiles -> (list) ->>> * min: `0` ->>> * max: `50` ->>> - ->>> ->>> (string) +>>> * min: `1` +>>> * max: `1011` +>>> * pattern: `arn:aws(-[^:]+)?:rolesanywhere(:.*){2}(:profile.*)` @@ -297,5 +246,0 @@ profiles -> (list) ->>>> Constraints: ->>>> ->>>> * min: `1` ->>>> * max: `200` ->>>> @@ -312 +257 @@ profiles -> (list) ->>> * pattern: `^[ a-zA-Z0-9-_]*$` +>>> * pattern: `[ a-zA-Z0-9-_]*` @@ -316 +261 @@ profiles -> (list) ->> profileArn -> (string) +>> requireInstanceProperties -> (boolean) @@ -318,9 +263 @@ profiles -> (list) ->>> The ARN of the profile. ->>> ->>> Constraints: ->>> ->>> * min: `1` ->>> * max: `1011` ->>> * pattern: `^arn:aws(-[^:]+)?:rolesanywhere(:.*){2}(:profile.*)$` ->>> - +>>> Unused, saved for future use. Will likely specify whether instance properties are required in temporary credential requests with this profile. @@ -328 +265 @@ profiles -> (list) ->> profileId -> (string) +>> enabled -> (boolean) @@ -330,9 +267 @@ profiles -> (list) ->>> The unique identifier of the profile. ->>> ->>> Constraints: ->>> ->>> * min: `36` ->>> * max: `36` ->>> * pattern: `[a-f0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12}` ->>> - +>>> Indicates whether the profile is enabled. @@ -340 +269,3 @@ profiles -> (list) ->> requireInstanceProperties -> (boolean) +>> createdBy -> (string) +>> +>>> The Amazon Web Services account that created the profile. @@ -342 +273,3 @@ profiles -> (list) ->>> Specifies whether instance properties are required in temporary credential requests with this profile. +>> sessionPolicy -> (string) +>> +>>> A session policy that applies to the trust boundary of the vended session credentials. @@ -361 +294 @@ profiles -> (list) ->>>> * pattern: `^arn:aws(-[^:]+)?:iam(:.*){2}(:role.*)$` +>>>> * pattern: `arn:aws(-[^:]+)?:iam(:.*){2}(:role.*)` @@ -365 +298 @@ profiles -> (list) ->> sessionPolicy -> (string) +>> managedPolicyArns -> (list) @@ -367 +300,21 @@ profiles -> (list) ->>> A session policy that applies to the trust boundary of the vended session credentials. +>>> A list of managed policy ARNs that apply to the vended session credentials. +>>> +>>> Constraints: +>>> +>>> * min: `0` +>>> * max: `50` +>>> + +>>> +>>> (string) +>>> +>>>> Constraints: +>>>> +>>>> * min: `1` +>>>> * max: `200` +>>>> + +>> +>> createdAt -> (timestamp) +>> +>>> The ISO-8601 timestamp when the profile was created. @@ -371,0 +325,47 @@ profiles -> (list) +>> +>> durationSeconds -> (integer) +>> +>>> Used to determine how long sessions vended using this profile are valid for. See the `Expiration` section of the [CreateSession API documentation](https://docs.aws.amazon.com/rolesanywhere/latest/userguide/authentication-create-session.html#credentials-object) page for more details. In requests, if this value is not provided, the default value will be 3600. +>> +>> acceptRoleSessionName -> (boolean) +>> +>>> Used to determine if a custom role session name will be accepted in a temporary credential request. +>> +>> attributeMappings -> (list) +>> +>>> A mapping applied to the authenticating end-entity certificate. +>>> +>>> (structure) +>>> +>>>> A mapping applied to the authenticating end-entity certificate. +>>>> +>>>> certificateField -> (string) +>>>> +>>>>> Fields (x509Subject, x509Issuer and x509SAN) within X.509 certificates. +>>>>> +>>>>> Possible values: +>>>>> +>>>>> * `x509Subject` +>>>>> * `x509Issuer` +>>>>> * `x509SAN` +>>>>> + +>>>> +>>>> mappingRules -> (list) +>>>> +>>>>> A list of mapping entries for every supported specifier or sub-field. +>>>>> +>>>>> (structure) +>>>>>