AWS Security ChangesHomeSearch

AWS IAM documentation change

Service: IAM · 2026-03-07 · Documentation medium

File: IAM/latest/UserGuide/reference_policies_iam-condition-keys.md

Summary

Updated CircleCI OIDC claim key from 'project_id' to 'oidc.circleci.com/project-id' with namespaced format

Security assessment

This change improves OIDC claim namespace specificity to prevent potential claim collisions, but there is no explicit mention of a resolved security vulnerability. It enhances security documentation by demonstrating proper namespacing practices.

Diff

diff --git a/IAM/latest/UserGuide/reference_policies_iam-condition-keys.md b/IAM/latest/UserGuide/reference_policies_iam-condition-keys.md
index b56de0979..b7fa2e41a 100644
--- a//IAM/latest/UserGuide/reference_policies_iam-condition-keys.md
+++ b//IAM/latest/UserGuide/reference_policies_iam-condition-keys.md
@@ -1154 +1154 @@ AWS STS condition key | IdP JWT claim | Available in session
-project_id | project-id | No  
+oidc.circleci.com/project-id | oidc.circleci.com/project-id | No  
@@ -1156 +1156 @@ project_id | project-id | No
-**project_id**
+**oidc.circleci.com/project-id**
@@ -1161 +1161 @@ Works with [string operators](./reference_policies_elements_condition_operators.
-**Example** – `oidc.circleci.com:project_id`
+**Example** – `circleci-issuer-url:oidc.circleci.com/project-id`
@@ -1165 +1165 @@ This key identifies the CircleCI project in which the job is running. Its value
-The following example trust policy uses the `project_id` claim to limit access to a role.
+The following example trust policy uses the `oidc.circleci.com/project-id` claim to limit access to a role.
@@ -1180 +1180 @@ The following example trust policy uses the `project_id` claim to limit access t
-              "oidc.circleci.com/org/12345:project_id": "76543210-ba98-fedc-3210-edcba0987654"
+              "oidc.circleci.com/org/12345:oidc.circleci.com/project-id": "76543210-ba98-fedc-3210-edcba0987654"