AWS Security ChangesHomeSearch

AWS signin medium security documentation change

Service: signin · 2026-05-22 · Security-related medium

File: signin/latest/userguide/allowlist-domains.md

Summary

Added IPv4 and dual-stack domain allowlists for web-content filtering solutions

Security assessment

Explicitly documents security-critical domains required for AWS portal access, including threat mitigation endpoints. This addresses potential service disruptions caused by overzealous firewalls and helps maintain secure access to AWS services.

Diff

diff --git a/signin/latest/userguide/allowlist-domains.md b/signin/latest/userguide/allowlist-domains.md
index 22123cb27..f21e4c3d0 100644
--- a//signin/latest/userguide/allowlist-domains.md
+++ b//signin/latest/userguide/allowlist-domains.md
@@ -33,0 +34,4 @@ If you filter access to specific AWS domains or URL endpoints by using a web con
+The following lists provide the IPv4 and dual-stack domains and URL endpoints to add to your web-content filtering solution allowlists. For more information about dual-stack endpoints, see [Update firewalls and gateways to allow access to the AWS access portal](https://docs.aws.amazon.com/singlesignon/latest/userguide/enable-identity-center-portal-access.html) in the _IAM Identity Center User Guide_.
+
+###### IPv4 allow list
+
@@ -35,0 +40,2 @@ If you filter access to specific AWS domains or URL endpoints by using a web con
+  * ``[IAM Identity Center instance ID]`.`[Region]`.portal.amazonaws.com`
+
@@ -52,0 +59,33 @@ If you filter access to specific AWS domains or URL endpoints by using a web con
+###### Dual-stack allow list
+
+  * ``[IAM Identity Center instance ID]`.portal.`[Region]`.app.aws`
+
+  * `*.aws.dev`
+
+  * `*.awsstatic.com`
+
+  * `*.console.aws.a2z.com`
+
+  * `oidc.`[Region]`.api.aws`
+
+  * `sso.`[Region]`.api.aws`
+
+  * `portal.sso.`[Region]`.api.aws`
+
+  * ``[Region]`.sso.signin.aws`
+
+  * ``[Region]`.signin.aws.amazon.com`
+
+  * `signin.aws.amazon.com`
+
+  * `*.cloudfront.net`
+
+  * `cdn.us-east-1.threat-mitigation.aws.amazon.com`
+
+  * `us-east-1.threat-mitigation.aws.amazon.com`
+
+  * `amcs-captcha-prod-us-east-1.s3.dualstack.us-east-1.amazonaws.com`
+
+
+
+