AWS Security ChangesHomeSearch

AWS cli documentation change

Service: cli · 2026-06-19 · Documentation low

File: cli/latest/reference/devops-agent/register-service.md

Summary

Added documentation for 'remoteagent' and 'remoteagentsigv4' service types including their authentication configurations, updated CLI version references, and relaxed constraints for some fields

Security assessment

The change adds new authentication methods (API key, OAuth client credentials, bearer token, and SigV4) for remote agents, which are security features. However, there is no evidence this addresses a specific security vulnerability. The constraint relaxations (min:1→0) appear to be usability improvements rather than security fixes.

Diff

diff --git a/cli/latest/reference/devops-agent/register-service.md b/cli/latest/reference/devops-agent/register-service.md
index b10071e50..869335419 100644
--- a//cli/latest/reference/devops-agent/register-service.md
+++ b//cli/latest/reference/devops-agent/register-service.md
@@ -15 +15 @@
-  * [AWS CLI 2.35.5 Command Reference](../../index.html) »
+  * [AWS CLI 2.35.8 Command Reference](../../index.html) »
@@ -117,0 +118,2 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/devops
+>   * `remoteagent`
+>   * `remoteagentsigv4`
@@ -127 +129 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/devops
-> This is a Tagged Union structure. Only one of the following top level keys can be set: `dynatrace`, `servicenow`, `mcpserverdatadog`, `mcpserver`, `gitlab`, `mcpserversplunk`, `mcpservernewrelic`, `eventChannel`, `mcpservergrafana`, `pagerduty`, `azureidentity`, `mcpserversigv4`.
+> This is a Tagged Union structure. Only one of the following top level keys can be set: `dynatrace`, `servicenow`, `mcpserverdatadog`, `mcpserver`, `gitlab`, `mcpserversplunk`, `mcpservernewrelic`, `eventChannel`, `mcpservergrafana`, `pagerduty`, `azureidentity`, `mcpserversigv4`, `remoteagent`, `remoteagentsigv4`.
@@ -544 +546 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/devops
->>>>>   * min: `1`
+>>>>>   * min: `0`
@@ -546 +548 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/devops
->>>>>   * pattern: `[\S]+`
+>>>>>   * pattern: `[\S]*`
@@ -904 +906 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/devops
->>>>>   * min: `1`
+>>>>>   * min: `0`
@@ -906 +908 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/devops
->>>>>   * pattern: `[\S]+`
+>>>>>   * pattern: `[\S]*`
@@ -1325 +1327 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/devops
->>>>>   * min: `1`
+>>>>>   * min: `0`
@@ -1327 +1329 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/devops
->>>>>   * pattern: `[\S]+`
+>>>>>   * pattern: `[\S]*`
@@ -1678,0 +1681,279 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/devops
+> 
+> remoteagent -> (structure)
+>
+>> Remote A2A agent service details (token-based auth).
+>> 
+>> name -> (string) [required]
+>>
+>>> Name identifier for a remote A2A agent.
+>>> 
+>>> Constraints:
+>>> 
+>>>   * min: `1`
+>>>   * max: `128`
+>>>   * pattern: `[a-zA-Z0-9_-]+`
+>>> 
+
+>> 
+>> endpoint -> (string) [required]
+>>
+>>> HTTPS endpoint URL for a remote A2A agent.
+>>> 
+>>> Constraints:
+>>> 
+>>>   * min: `1`
+>>>   * max: `2048`
+>>>   * pattern: `https://[a-zA-Z0-9.-]+(?::[0-9]+)?(?:/.*)?`
+>>> 
+
+>> 
+>> description -> (string)
+>>
+>>> Description field
+>>> 
+>>> Constraints:
+>>> 
+>>>   * min: `0`
+>>>   * max: `500`
+>>>   * pattern: `[\p{L}\p{N}\p{P}\p{S}\p{Z}]+`
+>>> 
+
+>> 
+>> authorizationConfig -> (tagged union structure) [required]
+>>
+>>> Remote agent authorization configuration.
+>>> 
+>>> ### Note
+>>> 
+>>> This is a Tagged Union structure. Only one of the following top level keys can be set: `apiKey`, `oAuthClientCredentials`, `bearerToken`.
+>>> 
+>>> apiKey -> (structure)
+>>>
+>>>> Remote agent configuration with API key authentication.
+>>>> 
+>>>> apiKeyName -> (string) [required]
+>>>>
+>>>>> User friendly API key name specified by end user.
+>>>>> 
+>>>>> Constraints:
+>>>>> 
+>>>>>   * pattern: `[a-zA-Z0-9_\s-]+`
+>>>>> 
+
+>>>> 
+>>>> apiKeyValue -> (string) [required]
+>>>>
+>>>>> API key value for authenticating with the service.
+>>>>> 
+>>>>> Constraints:
+>>>>> 
+>>>>>   * min: `1`
+>>>>>   * pattern: `[!-~]([ \t]*[!-~])*`
+>>>>> 
+
+>>>> 
+>>>> apiKeyHeader -> (string) [required]
+>>>>
+>>>>> HTTP header name to send the API key in requests to the service.
+>>>>> 
+>>>>> Constraints:
+>>>>> 
+>>>>>   * pattern: `[a-zA-Z0-9-_]+`
+>>>>> 
+
+>>> 
+>>> oAuthClientCredentials -> (structure)
+>>>
+>>>> Remote agent configuration with OAuth client credentials.
+>>>> 
+>>>> clientName -> (string)
+>>>>
+>>>>> User friendly OAuth client name specified by end user.
+>>>>> 
+>>>>> Constraints:
+>>>>> 
+>>>>>   * min: `1`
+>>>>>   * max: `100`
+>>>>>   * pattern: `[\p{L}\p{N}\p{Z}._-]+`
+>>>>> 
+
+>>>> 
+>>>> clientId -> (string) [required]
+>>>>
+>>>>> OAuth client ID for authenticating with the service.
+>>>>> 
+>>>>> Constraints:
+>>>>> 
+>>>>>   * min: `1`
+>>>>>   * max: `255`
+>>>>>   * pattern: `[\u0020-\u007E]+`
+>>>>> 
+
+>>>> 
+>>>> exchangeParameters -> (map)
+>>>>
+>>>>> OAuth token exchange parameters for authenticating with the service.
+>>>>> 
+>>>>> key -> (string)
+>>>>> 
+>>>>> value -> (string)
+>>>>>
+>>>>>> Exchange Parameter value for MCP authentication
+>>>> 
+>>>> clientSecret -> (string) [required]
+>>>>
+>>>>> OAuth client secret for authenticating with the service.
+>>>>> 
+>>>>> Constraints:
+>>>>> 
+>>>>>   * min: `1`
+>>>>>   * max: `512`
+>>>>>   * pattern: `[\S]+`
+>>>>> 
+
+>>>> 
+>>>> exchangeUrl -> (string) [required]
+>>>>
+>>>>> OAuth token exchange URL.
+>>>>> 
+>>>>> Constraints:
+>>>>> 
+>>>>>   * pattern: `https://[a-zA-Z0-9.-]+(?::[0-9]+)?(?:/.*)?`
+>>>>> 
+
+>>>> 
+>>>> scopes -> (list)
+>>>>
+>>>>> OAuth scopes for authentication.
+>>>>> 
+>>>>> Constraints:
+>>>>> 
+>>>>>   * min: `0`
+>>>>>   * max: `100`
+>>>>> 
+
+>>>>> 
+>>>>> (string)
+>>>>>
+>>>>>> OAuth scope parameter
+>>>>>> 
+>>>>>> Constraints:
+>>>>>> 
+>>>>>>   * min: `1`
+>>>>>>   * max: `128`
+>>>>>>   * pattern: `[!#-\[\]-~]+`
+>>>>>> 
+
+>>> 
+>>> bearerToken -> (structure)