AWS Security ChangesHomeSearch

AWS awscloudtrail documentation change

Service: awscloudtrail · 2026-07-10 · Documentation medium

File: awscloudtrail/latest/userguide/cloudtrail-event-reference-user-identity.md

Summary

Added documentation for 'signInSessionArn' field in userIdentity element

Security assessment

Explains how to use session ARNs for auditing and policy enforcement, enhancing security visibility. No vulnerability being addressed.

Diff

diff --git a/awscloudtrail/latest/userguide/cloudtrail-event-reference-user-identity.md b/awscloudtrail/latest/userguide/cloudtrail-event-reference-user-identity.md
index 03e5b435e..7a9c1f261 100644
--- a//awscloudtrail/latest/userguide/cloudtrail-event-reference-user-identity.md
+++ b//awscloudtrail/latest/userguide/cloudtrail-event-reference-user-identity.md
@@ -60,0 +61 @@ The following example shows a `userIdentity` element for a request made with tem
+            "signInSessionArn": "arn:aws:signin:us-east-1:123456789012:session/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
@@ -280,0 +282,4 @@ The omission of this field or presence of this field with an empty value signifi
+  * `signInSessionArn` – The ARN of the sign-in session that supports the request, in the form `arn:aws:signin:<region>:<account-id>:session/<uuid>`. This ARN is the value of the `aws:SignInSessionArn` global condition key. The key identifies the session more specifically than the principal ARN. Use it to audit API activity by sign-in session, or to write policies that revoke a specific session.
+
+The session that originates the request can be a sign-in session. The session can also come from an access token that you obtain through an OAuth or Signature Version 4 (SigV4) machine flow. CloudTrail does not change the ARN of the principal. CloudTrail records this field on API events that occur under such a session. This is an optional field.
+