AWS elasticloadbalancing documentation change
Summary
Added explicit note that only RS256 algorithm is supported for JWT verification.
Security assessment
Documents a technical limitation (algorithm support) that could prevent misconfiguration. RS256 is a security-relevant detail but doesn't address a specific vulnerability.
Diff
diff --git a/elasticloadbalancing/latest/application/listener-verify-jwt.md b/elasticloadbalancing/latest/application/listener-verify-jwt.md index ba843695a..6e9d5b1dc 100644 --- a//elasticloadbalancing/latest/application/listener-verify-jwt.md +++ b//elasticloadbalancing/latest/application/listener-verify-jwt.md @@ -34 +34 @@ Complete the following tasks: - 4. Include the JWT in a request header, and forward it to the Application Load Balancer in every request. + 4. Include the JWT in a request header, and forward it to the Application Load Balancer in every request. Note: Only the RS256 algorithm is supported