AWS AWSCloudFormation high security documentation change
Summary
Added documentation for JWT authorizer configuration including allowed scopes, custom claim validations, and OpenID Connect metadata URL
Security assessment
Directly documents security-critical JWT authentication mechanisms including scope validation and token signature verification via OpenID Connect metadata - core authorization controls.
Diff
diff --git a/AWSCloudFormation/latest/TemplateReference/aws-properties-bedrockagentcore-runtime-customjwtauthorizerconfiguration.md b/AWSCloudFormation/latest/TemplateReference/aws-properties-bedrockagentcore-runtime-customjwtauthorizerconfiguration.md index ec74183cb..64fad19b0 100644 --- a//AWSCloudFormation/latest/TemplateReference/aws-properties-bedrockagentcore-runtime-customjwtauthorizerconfiguration.md +++ b//AWSCloudFormation/latest/TemplateReference/aws-properties-bedrockagentcore-runtime-customjwtauthorizerconfiguration.md @@ -9 +9 @@ This is the new _CloudFormation Template Reference Guide_. Please update your bo -The `CustomJWTAuthorizerConfiguration` property type specifies Property description not available. for an [AWS::BedrockAgentCore::Runtime](./aws-resource-bedrockagentcore-runtime.html). +Configuration for inbound JWT-based authorization, specifying how incoming requests should be authenticated. @@ -46 +46 @@ To declare this entity in your CloudFormation template, use the following syntax -Represents inbound authorization configuration options used to authenticate incoming requests. +Represents individual audience values that are validated in the incoming JWT token validation process. @@ -72 +72 @@ _Required_ : No -Property description not available. +An array of scopes that are allowed to access the token. @@ -85 +85 @@ _Required_ : No -Property description not available. +An array of objects that define a custom claim validation name, value, and operation @@ -98 +98 @@ _Required_ : No -The configuration authorization. +This URL is used to fetch OpenID Connect configuration or authorization server metadata for validating incoming tokens.