AWS IAM documentation change
Summary
Documented support for job_workflow_ref claim in GitHub Actions OIDC provider.
Security assessment
Adds alternative secure-by-default claim option for GitHub OIDC, improving authentication security. No vulnerability is explicitly mentioned.
Diff
diff --git a/IAM/latest/UserGuide/document-history.md b/IAM/latest/UserGuide/document-history.md index 6ae15cbb4..c5cba3ce7 100644 --- a//IAM/latest/UserGuide/document-history.md +++ b//IAM/latest/UserGuide/document-history.md @@ -12,0 +13 @@ Change| Description| Date +[job_workflow_ref accepted as alternative scoping claim for GitHub Actions OIDC provider](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc_secure-by-default.html)| For the GitHub Actions OIDC provider, IAM now accepts either the `sub` claim or the `job_workflow_ref` claim as the identity-provider control in role trust policies.| May 12, 2026