AWS Security ChangesHomeSearch

AWS IAM documentation change

Service: IAM · 2026-05-28 · Documentation medium

File: IAM/latest/UserGuide/document-history.md

Summary

Documented support for job_workflow_ref claim in GitHub Actions OIDC provider.

Security assessment

Adds alternative secure-by-default claim option for GitHub OIDC, improving authentication security. No vulnerability is explicitly mentioned.

Diff

diff --git a/IAM/latest/UserGuide/document-history.md b/IAM/latest/UserGuide/document-history.md
index 6ae15cbb4..c5cba3ce7 100644
--- a//IAM/latest/UserGuide/document-history.md
+++ b//IAM/latest/UserGuide/document-history.md
@@ -12,0 +13 @@ Change| Description| Date
+[job_workflow_ref accepted as alternative scoping claim for GitHub Actions OIDC provider](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc_secure-by-default.html)| For the GitHub Actions OIDC provider, IAM now accepts either the `sub` claim or the `job_workflow_ref` claim as the identity-provider control in role trust policies.| May 12, 2026