AWS cli documentation change
Summary
Added documentation for new 'mcpserversigv4' service type supporting SigV4-authenticated MCP servers. This includes required parameters like roleArn for IAM authentication, region for SigV4 signing, and custom headers configuration.
Security assessment
The change introduces documentation for SigV4 authentication (AWS signature version 4), which is a security feature. It explicitly requires IAM role ARNs for secure access (roleArn) and details secure header configurations, but doesn't reference fixing any existing vulnerability.
Diff
diff --git a/cli/latest/reference/devops-agent/get-service.md b/cli/latest/reference/devops-agent/get-service.md index 64870084a..a1304a295 100644 --- a//cli/latest/reference/devops-agent/get-service.md +++ b//cli/latest/reference/devops-agent/get-service.md @@ -15 +15 @@ - * [AWS CLI 2.34.49 Command Reference](../../index.html) » + * [AWS CLI 2.34.52 Command Reference](../../index.html) » @@ -256,0 +257 @@ service -> (structure) +>> * `mcpserversigv4` @@ -284 +285 @@ service -> (structure) ->> This is a Tagged Union structure. Only one of the following top level keys can be set: `github`, `slack`, `mcpserverdatadog`, `mcpserver`, `servicenow`, `gitlab`, `mcpserversplunk`, `mcpservernewrelic`, `azuredevops`, `azureidentity`, `mcpservergrafana`, `pagerduty`. +>> This is a Tagged Union structure. Only one of the following top level keys can be set: `github`, `slack`, `mcpserverdatadog`, `mcpserver`, `servicenow`, `gitlab`, `mcpserversplunk`, `mcpservernewrelic`, `azuredevops`, `azureidentity`, `mcpservergrafana`, `pagerduty`, `mcpserversigv4`. @@ -603,0 +605,106 @@ service -> (structure) +>> +>> mcpserversigv4 -> (structure) +>> +>>> SigV4-authenticated MCP server-specific service details. +>>> +>>> name -> (string) [required] +>>> +>>>> MCP server name. +>>>> +>>>> Constraints: +>>>> +>>>> * pattern: `[a-zA-Z0-9_-]+` +>>>> + +>>> +>>> endpoint -> (string) [required] +>>> +>>>> MCP server endpoint URL. +>>>> +>>>> Constraints: +>>>> +>>>> * pattern: `https://[a-zA-Z0-9.-]+(?::[0-9]+)?(?:/.*)?` +>>>> + +>>> +>>> description -> (string) +>>> +>>>> Optional description for the MCP server. +>>>> +>>>> Constraints: +>>>> +>>>> * min: `0` +>>>> * max: `500` +>>>> * pattern: `[\p{L}\p{N}\p{P}\p{S}\p{Z}]+` +>>>> + +>>> +>>> region -> (string) [required] +>>> +>>>> AWS region for SigV4 signing. Use ‘*’ for SigV4a multi-region signing. +>>>> +>>>> Constraints: +>>>> +>>>> * min: `1` +>>>> * max: `50` +>>>> * pattern: `(\*|[a-z]{2,4}(-[a-z]+)+-\d+)` +>>>> + +>>> +>>> service -> (string) [required] +>>> +>>>> AWS service name for SigV4 signing. +>>>> +>>>> Constraints: +>>>> +>>>> * min: `1` +>>>> * max: `100` +>>>> + +>>> +>>> roleArn -> (string) [required] +>>> +>>>> IAM role ARN to assume for SigV4 signing. +>>>> +>>>> Constraints: +>>>> +>>>> * min: `1` +>>>> * max: `255` +>>>> * pattern: `arn:aws:iam::\d{12}:role/[a-zA-Z0-9+=,.@_/-]+` +>>>> + +>>> +>>> customHeaders -> (map) +>>> +>>>> Custom headers for the SigV4 MCP server. +>>>> +>>>> Constraints: +>>>> +>>>> * min: `0` +>>>> * max: `10` +>>>> + +>>>> +>>>> key -> (string) +>>>> +>>>>> HTTP header name. Allows alphanumeric characters, hyphens, and underscores. +>>>>> +>>>>> Constraints: +>>>>> +>>>>> * min: `1` +>>>>> * max: `256` +>>>>> * pattern: `[a-zA-Z0-9-_]+` +>>>>> + +>>>> +>>>> value -> (string) +>>>> +>>>>> Value type for custom headers. +>>>>> +>>>>> Constraints: +>>>>> +>>>>> * min: `1` +>>>>> * max: `4096` +>>>>> * pattern: `[!-~]([ \t]*[!-~])*` +>>>>> + @@ -666 +773 @@ tags -> (map) - * [AWS CLI 2.34.49 Command Reference](../../index.html) » + * [AWS CLI 2.34.52 Command Reference](../../index.html) »