AWS Security ChangesHomeSearch

AWS IAM high security documentation change

Service: IAM · 2026-06-16 · Security-related high

File: IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.md

Summary

Updated SAML audience endpoint to region-specific format

Security assessment

Change addresses potential token validation vulnerability by enforcing region-specific endpoints. Prevents token misuse across regions (audience restriction) which could lead to privilege escalation.

Diff

diff --git a/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.md b/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.md
index a8842c1af..521bbea6a 100644
--- a//IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.md
+++ b//IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.md
@@ -289 +289 @@ JSON
-              "SAML:aud": "https://signin.aws.amazon.com/saml"
+              "SAML:aud": "https://region-code.signin.aws.amazon.com/saml"