AWS Security ChangesHomeSearch

AWS notifications documentation change

Service: notifications · 2026-04-10 · Documentation medium

File: notifications/latest/userguide/delivery-channels-managed-notifications.md

Summary

Added guidance about email allow lists for aggregated notifications and clarified email verification process requiring sign-in to the correct AWS account.

Security assessment

The change adds security documentation by advising organizations to add @aws.com domain to email allow lists to ensure notification delivery, and clarifies security controls around email verification (requiring sign-in to the correct AWS account). This helps prevent notification delivery failures and unauthorized email verification, but doesn't address a specific security vulnerability.

Diff

diff --git a/notifications/latest/userguide/delivery-channels-managed-notifications.md b/notifications/latest/userguide/delivery-channels-managed-notifications.md
index a5cfc1806..820350153 100644
--- a//notifications/latest/userguide/delivery-channels-managed-notifications.md
+++ b//notifications/latest/userguide/delivery-channels-managed-notifications.md
@@ -27,0 +28,2 @@ Emails you receive from User Notifications are sent from the domain `@aws.com`.
+Aggregated notifications are sent from `[email protected]`. If your organization uses an email allow list, add the `@aws.com` domain to ensure you receive all User Notifications emails.
+
@@ -41,0 +44,2 @@ A verification email is sent to newly added email addresses. You can generate an
+The recipient must be signed in to the AWS account that added the email address to complete the verification process. The verification link directs to the AWS Management Console.
+