AWS Security ChangesHomeSearch

AWS singlesignon documentation change

Service: singlesignon · 2026-04-04 · Documentation low

File: singlesignon/latest/OIDCAPIReference/CommonErrors.md

Summary

Updated error descriptions for clarity and actionability, reorganized error entries, swapped positions of UnrecognizedClientException and UnknownOperationException with updated HTTP status codes, and removed RequestExpired error entry.

Security assessment

The changes are editorial improvements to error messages, providing clearer guidance and better user experience. No evidence of addressing a specific security vulnerability or incident. Changes include improved wording for authentication/authorization errors (e.g., AccessDeniedException, ExpiredTokenException, InvalidSignatureException) but these are routine documentation clarifications rather than responses to security issues. The removal of RequestExpired error doesn't indicate a security fix but rather a documentation reorganization.

Diff

diff --git a/singlesignon/latest/OIDCAPIReference/CommonErrors.md b/singlesignon/latest/OIDCAPIReference/CommonErrors.md
index f717fe53e..67edd9a09 100644
--- a//singlesignon/latest/OIDCAPIReference/CommonErrors.md
+++ b//singlesignon/latest/OIDCAPIReference/CommonErrors.md
@@ -5 +5 @@
-# Common Errors
+# Common Error Types
@@ -7 +7 @@
-This section lists the errors common to the API actions of all AWS services. For errors specific to an API action for this service, see the topic for that API action.
+This section lists common error types that this AWS service may return. Not all services return all error types listed here. For errors specific to an API action for this service, see the topic for that API action.
@@ -12 +12 @@ This section lists the errors common to the API actions of all AWS services. For
-You do not have sufficient access to perform this action.
+You don't have permission to perform this action. Verify that your IAM policy includes the required permissions.
@@ -19 +19 @@ HTTP Status Code: 403
-The security token included in the request is expired
+The security token included in the request has expired. Request a new security token and try again.
@@ -26 +26 @@ HTTP Status Code: 403
-The request signature does not conform to AWS standards.
+The request signature doesn't conform to AWS standards. Verify that you're using valid AWS credentials and that your request is properly formatted. If you're using an SDK, ensure it's up to date.
@@ -33 +33 @@ HTTP Status Code: 403
-The request processing has failed because of an unknown error, exception or failure.
+The request can't be processed right now because of an internal server issue. Try again later. If the problem persists, contact AWS Support.
@@ -40 +40 @@ HTTP Status Code: 500
-Problems with the request at the HTTP level, e.g. we can't decompress the body according to the decompression algorithm specified by the content-encoding.
+The request body can't be processed. This typically happens when the request body can't be decompressed using the specified content encoding algorithm. Verify that the content encoding header matches the compression format used.
@@ -47 +47 @@ HTTP Status Code: 400
-You do not have permission to perform this action.
+You don't have permissions to perform this action. Verify that your IAM policy includes the required permissions.
@@ -54 +54 @@ HTTP Status Code: 401
-The AWS access key ID needs a subscription for the service.
+Your AWS account needs a subscription for this service. Verify that you've enabled the service in your account.
@@ -61 +61 @@ HTTP Status Code: 403
-Convenient exception that can be used when a request is aborted before a reply is sent back (e.g. client closed connection).
+The request was aborted before a response could be returned. This typically happens when the client closes the connection.
@@ -68 +68 @@ HTTP Status Code: 400
-Problems with the request at the HTTP level. The request entity is too large.
+The request entity is too large. Reduce the size of the request body and try again.
@@ -72,7 +71,0 @@ HTTP Status Code: 413
-**RequestExpired**
-    
-
-The request reached the service more than 15 minutes after the date stamp on the request or more than 15 minutes after the request expiration date (such as for pre-signed URLs), or the date stamp on the request is more than 15 minutes in the future.
-
-HTTP Status Code: 400
-
@@ -82 +75 @@ HTTP Status Code: 400
-Problems with the request at the HTTP level. Reading the Request timed out.
+The request timed out. The server didn't receive the complete request within the expected time frame. Try again.
@@ -89 +82 @@ HTTP Status Code: 408
-The request has failed due to a temporary failure of the server.
+The service is temporarily unavailable. Try again later.
@@ -96 +89 @@ HTTP Status Code: 503
-The request was denied due to request throttling.
+Your request rate is too high. The AWS SDKs automatically retry requests that receive this exception. Reduce the frequency of requests.
@@ -100 +93 @@ HTTP Status Code: 400
-**UnrecognizedClientException**
+**UnknownOperationException**
@@ -103 +96 @@ HTTP Status Code: 400
-The X.509 certificate or AWS access key ID provided does not exist in our records.
+The action or operation isn't recognized. Verify that the action name is spelled correctly and that it's supported by the API version you're using.
@@ -105 +98 @@ The X.509 certificate or AWS access key ID provided does not exist in our record
-HTTP Status Code: 403
+HTTP Status Code: 404
@@ -107 +100 @@ HTTP Status Code: 403
-**UnknownOperationException**
+**UnrecognizedClientException**
@@ -110 +103 @@ HTTP Status Code: 403
-The action or operation requested is invalid. Verify that the action is typed correctly.
+The X.509 certificate or AWS access key ID you provided doesn't exist in our records. Verify that you're using valid credentials and that they haven't expired.
@@ -112 +105 @@ The action or operation requested is invalid. Verify that the action is typed co
-HTTP Status Code: 404
+HTTP Status Code: 403
@@ -117 +110 @@ HTTP Status Code: 404
-The input fails to satisfy the constraints specified by an AWS service.
+The input doesn't meet the required format or constraints. Check that all required parameters are included and that values are valid.