AWS singlesignon documentation change
Summary
Updated SAML provider ARN placeholder and expanded allowed audiences
Security assessment
Improved documentation for secure SAML configuration by using proper placeholders and expanding valid audience URIs. Enhances security best practice guidance but doesn't fix active vulnerabilities.
Diff
diff --git a/singlesignon/latest/userguide/emergency-access-one-time-setup-direct-IAM-federation-application-in-idp.md b/singlesignon/latest/userguide/emergency-access-one-time-setup-direct-IAM-federation-application-in-idp.md index c618f756a..e33113f3b 100644 --- a//singlesignon/latest/userguide/emergency-access-one-time-setup-direct-IAM-federation-application-in-idp.md +++ b//singlesignon/latest/userguide/emergency-access-one-time-setup-direct-IAM-federation-application-in-idp.md @@ -37 +37 @@ JSON - "Federated":"arn:aws:iam::123456789012:saml-provider/Okta" + "Federated":"arn:aws:iam::123456789012:saml-provider/[SAML PROVIDER NAME]" @@ -45 +45,6 @@ JSON - "SAML:aud": "https://signin.aws.amazon.com/saml" + "SAML:aud": [ + "https://signin.aws.amazon.com/saml", + "https://us-west-2.signin.aws.amazon.com/saml", + "https://us-west-1.signin.aws.amazon.com/saml", + "https://us-east-2.signin.aws.amazon.com/saml" + ]