AWS Security ChangesHomeSearch

AWS cli documentation change

Service: cli · 2026-03-31 · Documentation medium

File: cli/latest/reference/appstream/update-stack.md

Summary

Added CONTENT_REDIRECTION as an updatable attribute and documented the ContentRedirection structure in the output, similar to describe-stacks

Security assessment

This change allows updating the ContentRedirection settings, which is a security feature that controls URL redirection. It enables administrators to manage allowed and denied URL patterns for redirection, enhancing security by restricting potentially malicious redirects. No evidence of a specific security issue being fixed.

Diff

diff --git a/cli/latest/reference/appstream/update-stack.md b/cli/latest/reference/appstream/update-stack.md
index 020ba6ac8..a52bce59c 100644
--- a//cli/latest/reference/appstream/update-stack.md
+++ b//cli/latest/reference/appstream/update-stack.md
@@ -15 +15 @@
-  * [AWS CLI 2.34.19 Command Reference](../../index.html) »
+  * [AWS CLI 2.34.20 Command Reference](../../index.html) »
@@ -271,0 +272 @@ JSON Syntax:
+>>   * `CONTENT_REDIRECTION`
@@ -928,0 +930,58 @@ Stack -> (structure)
+> 
+> ContentRedirection -> (structure)
+>
+>> Configuration for bidirectional URL redirection between the streaming session and the local client. Use HostToClient to redirect URLs from the remote desktop to the local browser.
+>> 
+>> HostToClient -> (structure)
+>>
+>>> Configuration for redirecting URLs from the remote desktop to the local client browser.
+>>> 
+>>> Enabled -> (boolean) [required]
+>>>
+>>>> Whether URL redirection is enabled for this direction.
+>>> 
+>>> AllowedUrls -> (list)
+>>>
+>>>> List of URL patterns that are allowed to be redirected. URLs matching these patterns will be redirected unless they also match a pattern in the denied list.
+>>>> 
+>>>> Constraints:
+>>>> 
+>>>>   * min: `0`
+>>>>   * max: `100`
+>>>> 
+
+>>>> 
+>>>> (string)
+>>>>
+>>>>> A glob pattern using wildcards (* for zero or more characters, ? for exactly one character) to match URLs for redirection rules. Patterns do not include a protocol prefix; HTTPS is enforced automatically. Valid examples: _, *.example.com, github.com/myorg/_ , api?.example.com Invalid examples: <https://example.com> (no protocol), empty string
+>>>>> 
+>>>>> Constraints:
+>>>>> 
+>>>>>   * min: `1`
+>>>>>   * max: `2048`
+>>>>>   * pattern: `^(\*|https?://[^\s,;]+)$`
+>>>>> 
+
+>>> 
+>>> DeniedUrls -> (list)
+>>>
+>>>> List of URL patterns that are denied from redirection. This list takes precedence over the allowed list.
+>>>> 
+>>>> Constraints:
+>>>> 
+>>>>   * min: `0`
+>>>>   * max: `100`
+>>>> 
+
+>>>> 
+>>>> (string)
+>>>>
+>>>>> A glob pattern using wildcards (* for zero or more characters, ? for exactly one character) to match URLs for redirection rules. Patterns do not include a protocol prefix; HTTPS is enforced automatically. Valid examples: _, *.example.com, github.com/myorg/_ , api?.example.com Invalid examples: <https://example.com> (no protocol), empty string
+>>>>> 
+>>>>> Constraints:
+>>>>> 
+>>>>>   * min: `1`
+>>>>>   * max: `2048`
+>>>>>   * pattern: `^(\*|https?://[^\s,;]+)$`
+>>>>> 
+
@@ -940 +999 @@ Stack -> (structure)
-  * [AWS CLI 2.34.19 Command Reference](../../index.html) »
+  * [AWS CLI 2.34.20 Command Reference](../../index.html) »