AWS cli documentation change
Summary
Added documentation for ContentRedirection feature with HostToClient URL redirection configuration, including allowed and denied URL patterns with constraints and validation rules
Security assessment
This change documents a new security feature that allows administrators to control URL redirection from remote desktops to local browsers. The feature includes security controls like HTTPS enforcement, URL pattern validation with wildcards, and explicit allow/deny lists to prevent malicious redirects. This is a security enhancement feature rather than a fix for a specific security issue.
Diff
diff --git a/cli/latest/reference/appstream/describe-stacks.md b/cli/latest/reference/appstream/describe-stacks.md index 09f1f04e9..da9775f11 100644 --- a//cli/latest/reference/appstream/describe-stacks.md +++ b//cli/latest/reference/appstream/describe-stacks.md @@ -15 +15 @@ - * [AWS CLI 2.34.19 Command Reference](../../index.html) » + * [AWS CLI 2.34.20 Command Reference](../../index.html) » @@ -564,0 +565,58 @@ Stacks -> (list) +>> +>> ContentRedirection -> (structure) +>> +>>> Configuration for bidirectional URL redirection between the streaming session and the local client. Use HostToClient to redirect URLs from the remote desktop to the local browser. +>>> +>>> HostToClient -> (structure) +>>> +>>>> Configuration for redirecting URLs from the remote desktop to the local client browser. +>>>> +>>>> Enabled -> (boolean) [required] +>>>> +>>>>> Whether URL redirection is enabled for this direction. +>>>> +>>>> AllowedUrls -> (list) +>>>> +>>>>> List of URL patterns that are allowed to be redirected. URLs matching these patterns will be redirected unless they also match a pattern in the denied list. +>>>>> +>>>>> Constraints: +>>>>> +>>>>> * min: `0` +>>>>> * max: `100` +>>>>> + +>>>>> +>>>>> (string) +>>>>> +>>>>>> A glob pattern using wildcards (* for zero or more characters, ? for exactly one character) to match URLs for redirection rules. Patterns do not include a protocol prefix; HTTPS is enforced automatically. Valid examples: _, *.example.com, github.com/myorg/_ , api?.example.com Invalid examples: <https://example.com> (no protocol), empty string +>>>>>> +>>>>>> Constraints: +>>>>>> +>>>>>> * min: `1` +>>>>>> * max: `2048` +>>>>>> * pattern: `^(\*|https?://[^\s,;]+)$` +>>>>>> + +>>>> +>>>> DeniedUrls -> (list) +>>>> +>>>>> List of URL patterns that are denied from redirection. This list takes precedence over the allowed list. +>>>>> +>>>>> Constraints: +>>>>> +>>>>> * min: `0` +>>>>> * max: `100` +>>>>> + +>>>>> +>>>>> (string) +>>>>> +>>>>>> A glob pattern using wildcards (* for zero or more characters, ? for exactly one character) to match URLs for redirection rules. Patterns do not include a protocol prefix; HTTPS is enforced automatically. Valid examples: _, *.example.com, github.com/myorg/_ , api?.example.com Invalid examples: <https://example.com> (no protocol), empty string +>>>>>> +>>>>>> Constraints: +>>>>>> +>>>>>> * min: `1` +>>>>>> * max: `2048` +>>>>>> * pattern: `^(\*|https?://[^\s,;]+)$` +>>>>>> + @@ -586 +644 @@ NextToken -> (string) - * [AWS CLI 2.34.19 Command Reference](../../index.html) » + * [AWS CLI 2.34.20 Command Reference](../../index.html) »