AWS Security ChangesHomeSearch

AWS cli documentation change

Service: cli · 2026-02-19 · Documentation low

File: cli/latest/reference/grafana/describe-workspace-authentication.md

Summary

Updated AWS CLI version reference, restructured authentication parameters, added status field for SAML configuration, reordered fields, and updated field descriptions for SAML and IAM Identity Center settings.

Security assessment

The changes restructure and clarify documentation for authentication settings including SAML configuration, role mappings, and session validity. While this improves documentation of security features like SAML attributes and session management, there's no evidence of addressing a specific vulnerability. The added 'status' field helps monitor SAML configuration state but doesn't indicate a security fix.

Diff

diff --git a/cli/latest/reference/grafana/describe-workspace-authentication.md b/cli/latest/reference/grafana/describe-workspace-authentication.md
index 1d1e0cdbf..2ff7137bc 100644
--- a//cli/latest/reference/grafana/describe-workspace-authentication.md
+++ b//cli/latest/reference/grafana/describe-workspace-authentication.md
@@ -15 +15 @@
-  * [AWS CLI 2.33.22 Command Reference](../../index.html) »
+  * [AWS CLI 2.33.25 Command Reference](../../index.html) »
@@ -98 +98 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/grafan
->   * pattern: `^g-[0-9a-f]{10}$`
+>   * pattern: `g-[0-9a-f]{10}`
@@ -205,8 +204,0 @@ authentication -> (structure)
-> awsSso -> (structure)
->
->> A structure containing information about how this workspace works with IAM Identity Center.
->> 
->> ssoClientId -> (string)
->>
->>> The ID of the IAM Identity Center-managed application that is created by Amazon Managed Grafana.
-> 
@@ -228,0 +221,11 @@ authentication -> (structure)
+>> 
+>> status -> (string) [required]
+>>
+>>> Specifies whether the workspace’s SAML configuration is complete.
+>>> 
+>>> Possible values:
+>>> 
+>>>   * `CONFIGURED`
+>>>   * `NOT_CONFIGURED`
+>>> 
+
@@ -234 +237 @@ authentication -> (structure)
->>> allowedOrganizations -> (list)
+>>> idpMetadata -> (tagged union structure) [required]
@@ -236 +239 @@ authentication -> (structure)
->>>> Lists which organizations defined in the SAML assertion are allowed to use the Amazon Managed Grafana workspace. If this is empty, all organizations in the assertion attribute have access.
+>>>> A structure containing the identity provider (IdP) metadata used to integrate the identity provider with this workspace.
@@ -238 +241,3 @@ authentication -> (structure)
->>>> (string)
+>>>> ### Note
+>>>> 
+>>>> This is a Tagged Union structure. Only one of the following top level keys can be set: `url`, `xml`.
@@ -239,0 +245,4 @@ authentication -> (structure)
+>>>> url -> (string)
+>>>>
+>>>>> The URL of the location containing the IdP metadata.
+>>>>> 
@@ -243 +252 @@ authentication -> (structure)
->>>>>   * max: `256`
+>>>>>   * max: `2048`
@@ -245,0 +255,4 @@ authentication -> (structure)
+>>>> 
+>>>> xml -> (string)
+>>>>
+>>>>> The full IdP metadata, in XML format.
@@ -251,12 +264 @@ authentication -> (structure)
->>>> email -> (string)
->>>>
->>>>> The name of the attribute within the SAML assertion to use as the email names for SAML users.
->>>>> 
->>>>> Constraints:
->>>>> 
->>>>>   * min: `1`
->>>>>   * max: `256`
->>>>> 
-
->>>> 
->>>> groups -> (string)
+>>>> name -> (string)
@@ -264 +266 @@ authentication -> (structure)
->>>>> The name of the attribute within the SAML assertion to use as the user full “friendly” names for user groups.
+>>>>> The name of the attribute within the SAML assertion to use as the user full “friendly” names for SAML users.
@@ -284 +286 @@ authentication -> (structure)
->>>> name -> (string)
+>>>> email -> (string)
@@ -286 +288 @@ authentication -> (structure)
->>>>> The name of the attribute within the SAML assertion to use as the user full “friendly” names for SAML users.
+>>>>> The name of the attribute within the SAML assertion to use as the email names for SAML users.
@@ -295 +297 @@ authentication -> (structure)
->>>> org -> (string)
+>>>> groups -> (string)
@@ -297 +299 @@ authentication -> (structure)
->>>>> The name of the attribute within the SAML assertion to use as the user full “friendly” names for the users’ organizations.
+>>>>> The name of the attribute within the SAML assertion to use as the user full “friendly” names for user groups.
@@ -316,8 +317,0 @@ authentication -> (structure)
->>> 
->>> idpMetadata -> (tagged union structure) [required]
->>>
->>>> A structure containing the identity provider (IdP) metadata used to integrate the identity provider with this workspace.
->>>> 
->>>> ### Note
->>>> 
->>>> This is a Tagged Union structure. Only one of the following top level keys can be set: `url`, `xml`.
@@ -325 +319 @@ authentication -> (structure)
->>>> url -> (string)
+>>>> org -> (string)
@@ -327 +321 @@ authentication -> (structure)
->>>>> The URL of the location containing the IdP metadata.
+>>>>> The name of the attribute within the SAML assertion to use as the user full “friendly” names for the users’ organizations.
@@ -332 +326 @@ authentication -> (structure)
->>>>>   * max: `2048`
+>>>>>   * max: `256`
@@ -335,8 +328,0 @@ authentication -> (structure)
->>>> 
->>>> xml -> (string)
->>>>
->>>>> The full IdP metadata, in XML format.
->>> 
->>> loginValidityDuration -> (integer)
->>>
->>>> How long a sign-on session by a SAML user is valid, before the user has to sign on again.
@@ -348 +334 @@ authentication -> (structure)
->>>> admin -> (list)
+>>>> editor -> (list)
@@ -350 +336 @@ authentication -> (structure)
->>>>> A list of groups from the SAML assertion attribute to grant the Grafana `Admin` role to.
+>>>>> A list of groups from the SAML assertion attribute to grant the Grafana `Editor` role to.
@@ -361 +347 @@ authentication -> (structure)
->>>> editor -> (list)
+>>>> admin -> (list)
@@ -363 +349 @@ authentication -> (structure)
->>>>> A list of groups from the SAML assertion attribute to grant the Grafana `Editor` role to.
+>>>>> A list of groups from the SAML assertion attribute to grant the Grafana `Admin` role to.
@@ -373,4 +358,0 @@ authentication -> (structure)
->> 
->> status -> (string) [required]
->>
->>> Specifies whether the workspace’s SAML configuration is complete.
@@ -378,4 +360 @@ authentication -> (structure)
->>> Possible values:
->>> 
->>>   * `CONFIGURED`
->>>   * `NOT_CONFIGURED`
+>>> allowedOrganizations -> (list)
@@ -382,0 +362,9 @@ authentication -> (structure)
+>>>> Lists which organizations defined in the SAML assertion are allowed to use the Amazon Managed Grafana workspace. If this is empty, all organizations in the assertion attribute have access.
+>>>> 
+>>>> (string)
+>>>>
+>>>>> Constraints:
+>>>>> 
+>>>>>   * min: `1`
+>>>>>   * max: `256`
+>>>>> 
@@ -383,0 +372,12 @@ authentication -> (structure)
+>>> 
+>>> loginValidityDuration -> (integer)
+>>>
+>>>> How long a sign-on session by a SAML user is valid, before the user has to sign on again.
+> 
+> awsSso -> (structure)
+>
+>> A structure containing information about how this workspace works with IAM Identity Center.
+>> 
+>> ssoClientId -> (string)
+>>
+>>> The ID of the IAM Identity Center-managed application that is created by Amazon Managed Grafana.
@@ -395 +395 @@ authentication -> (structure)
-  * [AWS CLI 2.33.22 Command Reference](../../index.html) »
+  * [AWS CLI 2.33.25 Command Reference](../../index.html) »