AWS Security ChangesHomeSearch

AWS cli documentation change

Service: cli · 2026-07-10 · Documentation low

File: cli/latest/reference/bedrock-agentcore-control/update-gateway.md

Summary

Added 'advertisedScopeMapping' documentation in two sections of authorizerConfiguration with constraints and usage details

Security assessment

Documents OAuth scope mapping feature for token validation and client communication, improving security documentation but not patching a vulnerability

Diff

diff --git a/cli/latest/reference/bedrock-agentcore-control/update-gateway.md b/cli/latest/reference/bedrock-agentcore-control/update-gateway.md
index 1ebda6f2f..3db743ea3 100644
--- a//cli/latest/reference/bedrock-agentcore-control/update-gateway.md
+++ b//cli/latest/reference/bedrock-agentcore-control/update-gateway.md
@@ -15 +15 @@
-  * [AWS CLI 2.35.16 Command Reference](../../index.html) »
+  * [AWS CLI 2.35.19 Command Reference](../../index.html) »
@@ -322,0 +323,31 @@ JSON Syntax:
+>> 
+>> advertisedScopeMapping -> (map)
+>>
+>>> A map that associates each scope in `allowedScopes` with a corresponding advertised scope value. The advertised scope appears in OAuth protected resource metadata and `WWW-Authenticate` response headers. Use this parameter when the scope that clients request from your identity provider differs from the scope in the validated token. Each key is a scope from `allowedScopes` that the service uses for token validation. Each value is the corresponding scope that the service advertises to clients. Scopes without a mapping entry appear unchanged to clients.
+>>> 
+>>> Constraints:
+>>> 
+>>>   * min: `1`
+>>>   * max: `50`
+>>> 
+
+>>> 
+>>> key -> (string)
+>>>
+>>>> Constraints:
+>>>> 
+>>>>   * min: `1`
+>>>>   * max: `255`
+>>>>   * pattern: `[\x21\x23-\x5B\x5D-\x7E]+`
+>>>> 
+
+>>> 
+>>> value -> (string)
+>>>
+>>>> Constraints:
+>>>> 
+>>>>   * min: `1`
+>>>>   * max: `255`
+>>>>   * pattern: `[\x21\x23-\x5B\x5D-\x7E]+`
+>>>> 
+
@@ -759,0 +791,2 @@ JSON Syntax:
+        "advertisedScopeMapping": {"string": "string"
+          ...},
@@ -1461,0 +1495,31 @@ authorizerConfiguration -> (tagged union structure)
+>> 
+>> advertisedScopeMapping -> (map)
+>>
+>>> A map that associates each scope in `allowedScopes` with a corresponding advertised scope value. The advertised scope appears in OAuth protected resource metadata and `WWW-Authenticate` response headers. Use this parameter when the scope that clients request from your identity provider differs from the scope in the validated token. Each key is a scope from `allowedScopes` that the service uses for token validation. Each value is the corresponding scope that the service advertises to clients. Scopes without a mapping entry appear unchanged to clients.
+>>> 
+>>> Constraints:
+>>> 
+>>>   * min: `1`
+>>>   * max: `50`
+>>> 
+
+>>> 
+>>> key -> (string)
+>>>
+>>>> Constraints:
+>>>> 
+>>>>   * min: `1`
+>>>>   * max: `255`
+>>>>   * pattern: `[\x21\x23-\x5B\x5D-\x7E]+`
+>>>> 
+
+>>> 
+>>> value -> (string)
+>>>
+>>>> Constraints:
+>>>> 
+>>>>   * min: `1`
+>>>>   * max: `255`
+>>>>   * pattern: `[\x21\x23-\x5B\x5D-\x7E]+`
+>>>> 
+
@@ -2126 +2190 @@ wafConfiguration -> (structure)
-  * [AWS CLI 2.35.16 Command Reference](../../index.html) »
+  * [AWS CLI 2.35.19 Command Reference](../../index.html) »