AWS IAM medium security documentation change
Summary
Updated SAML audience URL to include region-code parameter
Security assessment
Change enforces region-specific audience validation in SAML federation, preventing token reuse across regions. Addresses potential token misuse vulnerability by making audience checks more specific.
Diff
diff --git a/IAM/latest/UserGuide/tutorial_abac-saml.md b/IAM/latest/UserGuide/tutorial_abac-saml.md index 356f50f1b..ed3f2c222 100644 --- a//IAM/latest/UserGuide/tutorial_abac-saml.md +++ b//IAM/latest/UserGuide/tutorial_abac-saml.md @@ -81 +81 @@ JSON - "StringEquals": {"SAML:aud": "https://signin.aws.amazon.com/saml"} + "StringEquals": {"SAML:aud": "https://region-code.signin.aws.amazon.com/saml"}