AWS Security ChangesHomeSearch

AWS AWSCloudFormation high security documentation change

Service: AWSCloudFormation · 2026-02-28 · Security-related high

File: AWSCloudFormation/latest/TemplateReference/aws-properties-bedrockagentcore-runtime-customjwtauthorizerconfiguration.md

Summary

Added documentation for JWT authorizer configuration including allowed scopes, custom claim validations, and OpenID Connect metadata URL

Security assessment

Directly documents security-critical JWT authentication mechanisms including scope validation and token signature verification via OpenID Connect metadata - core authorization controls.

Diff

diff --git a/AWSCloudFormation/latest/TemplateReference/aws-properties-bedrockagentcore-runtime-customjwtauthorizerconfiguration.md b/AWSCloudFormation/latest/TemplateReference/aws-properties-bedrockagentcore-runtime-customjwtauthorizerconfiguration.md
index ec74183cb..64fad19b0 100644
--- a//AWSCloudFormation/latest/TemplateReference/aws-properties-bedrockagentcore-runtime-customjwtauthorizerconfiguration.md
+++ b//AWSCloudFormation/latest/TemplateReference/aws-properties-bedrockagentcore-runtime-customjwtauthorizerconfiguration.md
@@ -9 +9 @@ This is the new _CloudFormation Template Reference Guide_. Please update your bo
-The `CustomJWTAuthorizerConfiguration` property type specifies Property description not available. for an [AWS::BedrockAgentCore::Runtime](./aws-resource-bedrockagentcore-runtime.html).
+Configuration for inbound JWT-based authorization, specifying how incoming requests should be authenticated.
@@ -46 +46 @@ To declare this entity in your CloudFormation template, use the following syntax
-Represents inbound authorization configuration options used to authenticate incoming requests. 
+Represents individual audience values that are validated in the incoming JWT token validation process.
@@ -72 +72 @@ _Required_ : No
-Property description not available.
+An array of scopes that are allowed to access the token.
@@ -85 +85 @@ _Required_ : No
-Property description not available.
+An array of objects that define a custom claim validation name, value, and operation 
@@ -98 +98 @@ _Required_ : No
-The configuration authorization.
+This URL is used to fetch OpenID Connect configuration or authorization server metadata for validating incoming tokens.