AWS Security ChangesHomeSearch

AWS IAM medium security documentation change

Service: IAM · 2026-06-16 · Security-related medium

File: IAM/latest/UserGuide/tutorial_abac-saml.md

Summary

Updated SAML audience URL to include region-code parameter

Security assessment

Change enforces region-specific audience validation in SAML federation, preventing token reuse across regions. Addresses potential token misuse vulnerability by making audience checks more specific.

Diff

diff --git a/IAM/latest/UserGuide/tutorial_abac-saml.md b/IAM/latest/UserGuide/tutorial_abac-saml.md
index 356f50f1b..ed3f2c222 100644
--- a//IAM/latest/UserGuide/tutorial_abac-saml.md
+++ b//IAM/latest/UserGuide/tutorial_abac-saml.md
@@ -81 +81 @@ JSON
-                    "StringEquals": {"SAML:aud": "https://signin.aws.amazon.com/saml"}
+                    "StringEquals": {"SAML:aud": "https://region-code.signin.aws.amazon.com/saml"}