AWS cli documentation change
Summary
Added support for SigV4-authenticated MCP server (mcpserversigv4) with IAM role-based authentication, updated pattern constraints to allow printable ASCII characters, and added min/max length constraints.
Security assessment
The change introduces documentation for SigV4 authentication using IAM roles (security feature), but there's no evidence of addressing a specific vulnerability. It enhances security by adding support for AWS signature-based authentication.
Diff
diff --git a/cli/latest/reference/devops-agent/register-service.md b/cli/latest/reference/devops-agent/register-service.md index 83c347e61..0c6057a97 100644 --- a//cli/latest/reference/devops-agent/register-service.md +++ b//cli/latest/reference/devops-agent/register-service.md @@ -15 +15 @@ - * [AWS CLI 2.34.49 Command Reference](../../index.html) » + * [AWS CLI 2.34.52 Command Reference](../../index.html) » @@ -114,0 +115 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/devops +> * `mcpserversigv4` @@ -124 +125 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/devops -> This is a Tagged Union structure. Only one of the following top level keys can be set: `dynatrace`, `servicenow`, `mcpserverdatadog`, `mcpserver`, `gitlab`, `mcpserversplunk`, `mcpservernewrelic`, `eventChannel`, `mcpservergrafana`, `pagerduty`, `azureidentity`. +> This is a Tagged Union structure. Only one of the following top level keys can be set: `dynatrace`, `servicenow`, `mcpserverdatadog`, `mcpserver`, `gitlab`, `mcpserversplunk`, `mcpservernewrelic`, `eventChannel`, `mcpservergrafana`, `pagerduty`, `azureidentity`, `mcpserversigv4`. @@ -174 +175 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/devops ->>>>> * pattern: `[a-zA-Z0-9._-]+` +>>>>> * pattern: `[\u0020-\u007E]+` @@ -248 +249 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/devops ->>>>> * pattern: `[a-zA-Z0-9._-]+` +>>>>> * pattern: `[\u0020-\u007E]+` @@ -400 +401 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/devops ->>>>> * pattern: `[a-zA-Z0-9._-]+` +>>>>> * pattern: `[\u0020-\u007E]+` @@ -466 +467 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/devops ->>>>> * pattern: `[a-zA-Z0-9._-]+` +>>>>> * pattern: `[\u0020-\u007E]+` @@ -722 +723 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/devops ->>>>> * pattern: `[a-zA-Z0-9._-]+` +>>>>> * pattern: `[\u0020-\u007E]+` @@ -788 +789 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/devops ->>>>> * pattern: `[a-zA-Z0-9._-]+` +>>>>> * pattern: `[\u0020-\u007E]+` @@ -969,0 +971,2 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/devops +>>>>> * min: `3` +>>>>> * max: `7` @@ -1103 +1106 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/devops ->>>>> * pattern: `[a-zA-Z0-9._-]+` +>>>>> * pattern: `[\u0020-\u007E]+` @@ -1169 +1172 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/devops ->>>>> * pattern: `[a-zA-Z0-9._-]+` +>>>>> * pattern: `[\u0020-\u007E]+` @@ -1360 +1363 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/devops ->>>>> * pattern: `[a-zA-Z0-9._-]+` +>>>>> * pattern: `[\u0020-\u007E]+` @@ -1430,0 +1434,110 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/devops +> +> mcpserversigv4 -> (structure) +> +>> SigV4-authenticated MCP server-specific service details. +>> +>> name -> (string) [required] +>> +>>> MCP server name. +>>> +>>> Constraints: +>>> +>>> * pattern: `[a-zA-Z0-9_-]+` +>>> + +>> +>> endpoint -> (string) [required] +>> +>>> MCP server endpoint URL. +>>> +>>> Constraints: +>>> +>>> * pattern: `https://[a-zA-Z0-9.-]+(?::[0-9]+)?(?:/.*)?` +>>> + +>> +>> description -> (string) +>> +>>> Optional description for the MCP server. +>>> +>>> Constraints: +>>> +>>> * min: `0` +>>> * max: `500` +>>> * pattern: `[\p{L}\p{N}\p{P}\p{S}\p{Z}]+` +>>> + +>> +>> authorizationConfig -> (structure) [required] +>> +>>> MCP Server SigV4 authorization configuration. +>>> +>>> region -> (string) [required] +>>> +>>>> AWS region for SigV4 signing. Use ‘*’ for SigV4a multi-region signing. +>>>> +>>>> Constraints: +>>>> +>>>> * min: `1` +>>>> * max: `50` +>>>> * pattern: `(\*|[a-z]{2,4}(-[a-z]+)+-\d+)` +>>>> + +>>> +>>> service -> (string) [required] +>>> +>>>> AWS service name for SigV4 signing. +>>>> +>>>> Constraints: +>>>> +>>>> * min: `1` +>>>> * max: `100` +>>>> + +>>> +>>> roleArn -> (string) [required] +>>> +>>>> IAM role ARN to assume for SigV4 signing. +>>>> +>>>> Constraints: +>>>> +>>>> * min: `1` +>>>> * max: `255` +>>>> * pattern: `arn:aws:iam::\d{12}:role/[a-zA-Z0-9+=,.@_/-]+` +>>>> + +>>> +>>> customHeaders -> (map) +>>> +>>>> Custom headers for the SigV4 MCP server. +>>>> +>>>> Constraints: +>>>> +>>>> * min: `0` +>>>> * max: `10` +>>>> + +>>>> +>>>> key -> (string) +>>>> +>>>>> HTTP header name. Allows alphanumeric characters, hyphens, and underscores. +>>>>> +>>>>> Constraints: +>>>>> +>>>>> * min: `1` +>>>>> * max: `256` +>>>>> * pattern: `[a-zA-Z0-9-_]+` +>>>>> + +>>>> +>>>> value -> (string) +>>>> +>>>>> Value type for custom headers. +>>>>> +>>>>> Constraints: +>>>>> +>>>>> * min: `1` +>>>>> * max: `4096` +>>>>> * pattern: `[!-~]([ \t]*[!-~])*` +>>>>> + @@ -1630,0 +1744,12 @@ JSON Syntax: + }, + "mcpserversigv4": { + "name": "string", + "endpoint": "string", + "description": "string", + "authorizationConfig": { + "region": "string", + "service": "string", + "roleArn": "string", + "customHeaders": {"string": "string" + ...} + } @@ -1901 +2026 @@ tags -> (map) - * [AWS CLI 2.34.49 Command Reference](../../index.html) » + * [AWS CLI 2.34.52 Command Reference](../../index.html) »