AWS Security ChangesHomeSearch

AWS cli documentation change

Service: cli · 2026-04-19 · Documentation low

File: cli/latest/reference/datazone/get-domain.md

Summary

Updated IAM role ARN pattern regex from 'arn:aws[^:]*:iam::\d{12}:(role|role/service-role)/[\w+=,.@-]*' to 'arn:aws[^:]*:iam::\d{12}:role(/[a-zA-Z0-9+=,.@_-]+)*/[a-zA-Z0-9+=,.@_-]+' for domainExecutionRole and serviceRole fields

Security assessment

This appears to be a pattern correction for IAM role ARN validation. The new pattern is more permissive (allowing underscores and hyphens in path components) and supports nested paths. While ARN validation is security-relevant, there's no evidence this fixes a specific security vulnerability.

Diff

diff --git a/cli/latest/reference/datazone/get-domain.md b/cli/latest/reference/datazone/get-domain.md
index 2a96af54b..990d502f8 100644
--- a//cli/latest/reference/datazone/get-domain.md
+++ b//cli/latest/reference/datazone/get-domain.md
@@ -15 +15 @@
-  * [AWS CLI 2.34.29 Command Reference](../../index.html) »
+  * [AWS CLI 2.34.32 Command Reference](../../index.html) »
@@ -288 +288 @@ domainExecutionRole -> (string)
->   * pattern: `arn:aws[^:]*:iam::\d{12}:(role|role/service-role)/[\w+=,.@-]*`
+>   * pattern: `arn:aws[^:]*:iam::\d{12}:role(/[a-zA-Z0-9+=,.@_-]+)*/[a-zA-Z0-9+=,.@_-]+`
@@ -376 +376 @@ serviceRole -> (string)
->   * pattern: `arn:aws[^:]*:iam::\d{12}:(role|role/service-role)/[\w+=,.@-]*`
+>   * pattern: `arn:aws[^:]*:iam::\d{12}:role(/[a-zA-Z0-9+=,.@_-]+)*/[a-zA-Z0-9+=,.@_-]+`
@@ -390 +390 @@ serviceRole -> (string)
-  * [AWS CLI 2.34.29 Command Reference](../../index.html) »
+  * [AWS CLI 2.34.32 Command Reference](../../index.html) »