AWS IAM documentation change
Summary
Updated CircleCI OIDC claim key from 'project_id' to 'oidc.circleci.com/project-id' with namespaced format
Security assessment
This change improves OIDC claim namespace specificity to prevent potential claim collisions, but there is no explicit mention of a resolved security vulnerability. It enhances security documentation by demonstrating proper namespacing practices.
Diff
diff --git a/IAM/latest/UserGuide/reference_policies_iam-condition-keys.md b/IAM/latest/UserGuide/reference_policies_iam-condition-keys.md index b56de0979..b7fa2e41a 100644 --- a//IAM/latest/UserGuide/reference_policies_iam-condition-keys.md +++ b//IAM/latest/UserGuide/reference_policies_iam-condition-keys.md @@ -1154 +1154 @@ AWS STS condition key | IdP JWT claim | Available in session -project_id | project-id | No +oidc.circleci.com/project-id | oidc.circleci.com/project-id | No @@ -1156 +1156 @@ project_id | project-id | No -**project_id** +**oidc.circleci.com/project-id** @@ -1161 +1161 @@ Works with [string operators](./reference_policies_elements_condition_operators. -**Example** – `oidc.circleci.com:project_id` +**Example** – `circleci-issuer-url:oidc.circleci.com/project-id` @@ -1165 +1165 @@ This key identifies the CircleCI project in which the job is running. Its value -The following example trust policy uses the `project_id` claim to limit access to a role. +The following example trust policy uses the `oidc.circleci.com/project-id` claim to limit access to a role. @@ -1180 +1180 @@ The following example trust policy uses the `project_id` claim to limit access t - "oidc.circleci.com/org/12345:project_id": "76543210-ba98-fedc-3210-edcba0987654" + "oidc.circleci.com/org/12345:oidc.circleci.com/project-id": "76543210-ba98-fedc-3210-edcba0987654"