AWS Security ChangesHomeSearch

AWS cli documentation change

Service: cli · 2026-05-07 · Documentation low

File: cli/latest/reference/bedrock-agentcore-control/create-oauth2-credential-provider.md

Summary

Updated documentation for OAuth2 credential provider: 1) Updated CLI version references from 2.34.41 to 2.34.44, 2) Enhanced description of intermediate domain usage for VPC routing, 3) Added clarification about TOKEN_EXCHANGE grant type configuration, 4) Added documentation about actor token scopes for M2M authentication

Security assessment

The changes improve documentation of security features: 1) Added security documentation about routing traffic through secure components (VPC endpoints/internal load balancers), 2) Enhanced documentation for OAuth2 TOKEN_EXCHANGE grant type (RFC 8693), 3) Added explicit documentation about scopes for M2M actor tokens. No evidence of addressing a specific security vulnerability.

Diff

diff --git a/cli/latest/reference/bedrock-agentcore-control/create-oauth2-credential-provider.md b/cli/latest/reference/bedrock-agentcore-control/create-oauth2-credential-provider.md
index a33f791b6..f2d0fbdcb 100644
--- a//cli/latest/reference/bedrock-agentcore-control/create-oauth2-credential-provider.md
+++ b//cli/latest/reference/bedrock-agentcore-control/create-oauth2-credential-provider.md
@@ -15 +15 @@
-  * [AWS CLI 2.34.41 Command Reference](../../index.html) »
+  * [AWS CLI 2.34.44 Command Reference](../../index.html) »
@@ -352 +352 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/bedroc
->>>>> An intermediate publicly resolvable domain used as the VPC Lattice resource configuration endpoint. Required when your private endpoint uses a domain that is not publicly resolvable.
+>>>>> An intermediate domain to use as the resource configuration endpoint instead of the actual target domain. Use this when you want to route traffic through an intermediate component such as a VPC endpoint or internal load balancer. For more information, see xref:lattice-vpc-egress-routing-domain[Route traffic through an intermediate domain].
@@ -504 +504 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/bedroc
->>>>>>> An intermediate publicly resolvable domain used as the VPC Lattice resource configuration endpoint. Required when your private endpoint uses a domain that is not publicly resolvable.
+>>>>>>> An intermediate domain to use as the resource configuration endpoint instead of the actual target domain. Use this when you want to route traffic through an intermediate component such as a VPC endpoint or internal load balancer. For more information, see xref:lattice-vpc-egress-routing-domain[Route traffic through an intermediate domain].
@@ -530 +530 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/bedroc
->>>> Configuration specific to TOKEN_EXCHANGE grant type (RFC 8693)
+>>>> Configuration specific to the TOKEN_EXCHANGE grant type (RFC 8693).
@@ -546 +546 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/bedroc
->>>>> Only valid when actorTokenContent is M2M
+>>>>> The scopes for the actor token. Only valid when actorTokenContent is M2M.
@@ -1295 +1295 @@ oauth2ProviderConfigOutput -> (tagged union structure)
->>>>> An intermediate publicly resolvable domain used as the VPC Lattice resource configuration endpoint. Required when your private endpoint uses a domain that is not publicly resolvable.
+>>>>> An intermediate domain to use as the resource configuration endpoint instead of the actual target domain. Use this when you want to route traffic through an intermediate component such as a VPC endpoint or internal load balancer. For more information, see xref:lattice-vpc-egress-routing-domain[Route traffic through an intermediate domain].
@@ -1447 +1447 @@ oauth2ProviderConfigOutput -> (tagged union structure)
->>>>>>> An intermediate publicly resolvable domain used as the VPC Lattice resource configuration endpoint. Required when your private endpoint uses a domain that is not publicly resolvable.
+>>>>>>> An intermediate domain to use as the resource configuration endpoint instead of the actual target domain. Use this when you want to route traffic through an intermediate component such as a VPC endpoint or internal load balancer. For more information, see xref:lattice-vpc-egress-routing-domain[Route traffic through an intermediate domain].
@@ -1473 +1473 @@ oauth2ProviderConfigOutput -> (tagged union structure)
->>>> Configuration specific to TOKEN_EXCHANGE grant type (RFC 8693)
+>>>> Configuration specific to the TOKEN_EXCHANGE grant type (RFC 8693).
@@ -1489 +1489 @@ oauth2ProviderConfigOutput -> (tagged union structure)
->>>>> Only valid when actorTokenContent is M2M
+>>>>> The scopes for the actor token. Only valid when actorTokenContent is M2M.
@@ -2130 +2130 @@ status -> (string)
-  * [AWS CLI 2.34.41 Command Reference](../../index.html) »
+  * [AWS CLI 2.34.44 Command Reference](../../index.html) »