AWS Security ChangesHomeSearch

AWS eventbridge medium security documentation change

Service: eventbridge · 2026-02-25 · Security-related medium

File: eventbridge/latest/userguide/eb-target-connection-auth.md

Summary

Clarified OAuth token refresh behavior and failure scenarios

Security assessment

Added specific details about token expiration handling (60-second threshold) and potential invocation failures. This addresses authentication reliability concerns and helps prevent unexpected connection failures.

Diff

diff --git a/eventbridge/latest/userguide/eb-target-connection-auth.md b/eventbridge/latest/userguide/eb-target-connection-auth.md
index 8526580b9..78c26ab0a 100644
--- a//eventbridge/latest/userguide/eb-target-connection-auth.md
+++ b//eventbridge/latest/userguide/eb-target-connection-auth.md
@@ -34 +34 @@ Keep in mind the following when using OAuth as an authorization method for conne
-    * Proactively during an HTTPS invocation, if the token is about to expire.
+    * Proactively during an HTTPS invocation, if the token expires within 60 seconds. This refresh only occurs when EventBridge processes an event for the API destination — it is not a background process. If no events arrive during this window, the next event triggers a synchronous token refresh, which may increase invocation latency or result in a failed invocation while the connection is reauthorizing.