AWS Security ChangesHomeSearch

AWS elasticloadbalancing documentation change

Service: elasticloadbalancing · 2026-03-07 · Documentation low

File: elasticloadbalancing/latest/application/listener-verify-jwt.md

Summary

Added section detailing JWT validation limits including JWKS endpoint requirements (max 150KB response size and 10 keys)

Security assessment

Documents operational limits of JWT validation feature but doesn't address a specific vulnerability. Helps prevent service disruption but no evidence of patching a security flaw.

Diff

diff --git a/elasticloadbalancing/latest/application/listener-verify-jwt.md b/elasticloadbalancing/latest/application/listener-verify-jwt.md
index 73bd8739e..289894bbb 100644
--- a//elasticloadbalancing/latest/application/listener-verify-jwt.md
+++ b//elasticloadbalancing/latest/application/listener-verify-jwt.md
@@ -5 +5 @@
-Prepare to use JWT verificationTo configure JWT verification using CLI
+Prepare to use JWT verificationJWT validation limitsTo configure JWT verification using CLI
@@ -38,0 +39,15 @@ Complete the following tasks:
+## JWT validation limits
+
+When using JWT validation with your Application Load Balancer, the JWKS (JSON Web Key Set) endpoint must meet the following requirements:
+
+  * **Maximum response size** : 150 KB
+
+  * **Maximum number of keys** : 10 keys
+
+
+
+
+If the JWKS response from your identity provider exceeds either of these limits, the Application Load Balancer will not forward requests to your backend targets.
+
+If your identity provider's JWKS endpoint exceeds these limits, consider implementing JWT validation in your application code or using an identity provider with a smaller key set.
+
@@ -93,0 +109,4 @@ Create a listener rule with an action to verify JWTs. The listener must be an HT
+###### Note
+
+When configuring JWT validation, ensure your JWKS endpoint response does not exceed 150 KB in size or contain more than 10 keys. Responses exceeding these limits will prevent request forwarding to your targets.
+