AWS cli documentation change
Summary
Updated IAM role ARN pattern regex from 'arn:aws[^:]*:iam::\d{12}:(role|role/service-role)/[\w+=,.@-]*' to 'arn:aws[^:]*:iam::\d{12}:role(/[a-zA-Z0-9+=,.@_-]+)*/[a-zA-Z0-9+=,.@_-]+' for domainExecutionRole and serviceRole fields
Security assessment
This appears to be a pattern correction for IAM role ARN validation. The new pattern is more permissive (allowing underscores and hyphens in path components) and supports nested paths. While ARN validation is security-relevant, there's no evidence this fixes a specific security vulnerability.
Diff
diff --git a/cli/latest/reference/datazone/get-domain.md b/cli/latest/reference/datazone/get-domain.md index 2a96af54b..990d502f8 100644 --- a//cli/latest/reference/datazone/get-domain.md +++ b//cli/latest/reference/datazone/get-domain.md @@ -15 +15 @@ - * [AWS CLI 2.34.29 Command Reference](../../index.html) » + * [AWS CLI 2.34.32 Command Reference](../../index.html) » @@ -288 +288 @@ domainExecutionRole -> (string) -> * pattern: `arn:aws[^:]*:iam::\d{12}:(role|role/service-role)/[\w+=,.@-]*` +> * pattern: `arn:aws[^:]*:iam::\d{12}:role(/[a-zA-Z0-9+=,.@_-]+)*/[a-zA-Z0-9+=,.@_-]+` @@ -376 +376 @@ serviceRole -> (string) -> * pattern: `arn:aws[^:]*:iam::\d{12}:(role|role/service-role)/[\w+=,.@-]*` +> * pattern: `arn:aws[^:]*:iam::\d{12}:role(/[a-zA-Z0-9+=,.@_-]+)*/[a-zA-Z0-9+=,.@_-]+` @@ -390 +390 @@ serviceRole -> (string) - * [AWS CLI 2.34.29 Command Reference](../../index.html) » + * [AWS CLI 2.34.32 Command Reference](../../index.html) »