AWS Security ChangesHomeSearch

AWS signin high security documentation change

Service: signin · 2026-05-19 · Security-related high

File: signin/latest/userguide/allowlist-domains.md

Summary

Added new domains (*.portal.*.app.aws, *.api.aws, oidc.*.api.aws, sso.*.api.aws) to allowlist

Security assessment

Adds new security-critical domains to allowlist documentation. Missing these could block legitimate AWS authentication services, causing service disruption and potential lockouts. Directly impacts secure access configuration.

Diff

diff --git a/signin/latest/userguide/allowlist-domains.md b/signin/latest/userguide/allowlist-domains.md
index 27081d9f2..22123cb27 100644
--- a//signin/latest/userguide/allowlist-domains.md
+++ b//signin/latest/userguide/allowlist-domains.md
@@ -58,0 +59,2 @@ If you or your organization implement IP or domain filtering, you may need to al
+  * `*.portal.*.app.aws`
+
@@ -60,0 +63,2 @@ If you or your organization implement IP or domain filtering, you may need to al
+  * `*.api.aws`
+
@@ -66,0 +71,2 @@ If you or your organization implement IP or domain filtering, you may need to al
+  * `oidc.*.api.aws`
+
@@ -72,0 +79,2 @@ If you or your organization implement IP or domain filtering, you may need to al
+  * `sso.*.api.aws`
+