AWS IAM high security documentation change
Summary
Updated SAML audience endpoint to region-specific format
Security assessment
Change addresses potential token validation vulnerability by enforcing region-specific endpoints. Prevents token misuse across regions (audience restriction) which could lead to privilege escalation.
Diff
diff --git a/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.md b/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.md index a8842c1af..521bbea6a 100644 --- a//IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.md +++ b//IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.md @@ -289 +289 @@ JSON - "SAML:aud": "https://signin.aws.amazon.com/saml" + "SAML:aud": "https://region-code.signin.aws.amazon.com/saml"