AWS Security ChangesHomeSearch

AWS signin documentation change

Service: signin · 2026-07-13 · Documentation low

File: signin/latest/userguide/oauth-sign-in-overview.md

Summary

Added hyperlinks to token management, dynamic client registration, IAM integration, CloudTrail integration sections; added walkthrough references for interactive/non-interactive authorization; updated IAM actions/resources/condition keys with links; added VPCE support documentation link.

Security assessment

Changes enhance documentation of existing security features (token management, IAM integration, CloudTrail auditing) by adding reference links. No vulnerability fixes indicated. Security documentation is improved but not newly added.

Diff

diff --git a/signin/latest/userguide/oauth-sign-in-overview.md b/signin/latest/userguide/oauth-sign-in-overview.md
index b8273c177..c2cd469a0 100644
--- a//signin/latest/userguide/oauth-sign-in-overview.md
+++ b//signin/latest/userguide/oauth-sign-in-overview.md
@@ -27,4 +27,4 @@ Non-interactive authorization | OAuth authorization for agents and applications
-Token management | Issue and introspect access and refresh tokens, and revoke refresh tokens.  
-Dynamic client registration | Register approved OAuth-compatible applications with AWS Sign-In.  
-IAM integration | Govern OAuth authorization using IAM permissions, resources, and condition keys.  
-CloudTrail integration | Audit OAuth authorization and token lifecycle events using AWS CloudTrail.  
+[Token management](./aws-mcp-server.html#aws-mcp-server-token-management) | Issue and introspect access and refresh tokens, and revoke refresh tokens.  
+[Dynamic client registration](https://docs.aws.amazon.com/signin/latest/APIReference/API_dataplane-signin_CreateOAuth2PublicClient.html) | Register approved OAuth-compatible applications with AWS Sign-In.  
+[IAM integration](https://docs.aws.amazon.com/service-authorization/latest/reference/list_signin.html) | Govern OAuth authorization using IAM permissions, resources, and condition keys.  
+[CloudTrail integration](./aws-mcp-server.html#aws-mcp-server-monitoring) | Audit OAuth authorization and token lifecycle events using AWS CloudTrail.  
@@ -80,0 +81,2 @@ Interactive authorization supports:
+For a walkthrough of connecting an agent using interactive authorization, see [AWS MCP Server](./aws-mcp-server.html).
+
@@ -88,0 +91,2 @@ The client credentials grant issues only access tokens (no refresh tokens). Requ
+For a walkthrough of connecting an application using non-interactive authorization, see [AWS MCP Server](./aws-mcp-server.html).
+
@@ -93 +97 @@ OAuth authorization integrates with the existing AWS security model. AWS Sign-In
-  * IAM actions for OAuth authorization and token management.
+  * IAM actions for OAuth authorization and token management. See [Actions, resources, and condition keys for AWS Sign-In](https://docs.aws.amazon.com/service-authorization/latest/reference/list_signin.html).
@@ -95 +99 @@ OAuth authorization integrates with the existing AWS security model. AWS Sign-In
-  * OAuth authorization grant resources.
+  * OAuth authorization grant resources. See [Actions, resources, and condition keys for AWS Sign-In](https://docs.aws.amazon.com/service-authorization/latest/reference/list_signin.html).
@@ -97 +101 @@ OAuth authorization integrates with the existing AWS security model. AWS Sign-In
-  * OAuth-specific IAM condition keys.
+  * OAuth-specific IAM condition keys. See [OAuth condition keys](./reference-signin-condition-keys.html#reference-signin-condition-keys-oauth).
@@ -99 +103 @@ OAuth authorization integrates with the existing AWS security model. AWS Sign-In
-  * Token introspection and revocation APIs.
+  * Token [introspection](https://docs.aws.amazon.com/signin/latest/APIReference/API_dataplane-signin_IntrospectOAuth2TokenWithIAM.html) and [revocation](https://docs.aws.amazon.com/signin/latest/APIReference/API_dataplane-signin_RevokeOAuth2TokenWithIAM.html) APIs.
@@ -101 +105 @@ OAuth authorization integrates with the existing AWS security model. AWS Sign-In
-  * AWS CloudTrail auditing for OAuth authorization and token lifecycle events.
+  * AWS CloudTrail auditing for OAuth authorization and token lifecycle events. See [Monitoring OAuth activity](./aws-mcp-server.html#aws-mcp-server-monitoring).
@@ -107 +111 @@ OAuth authorization integrates with the existing AWS security model. AWS Sign-In
-  * VPCE support for OAuth APIs.
+  * VPCE support for OAuth APIs. See [AWS PrivateLink](./oauth-privatelink.html).
@@ -134 +138,5 @@ Use this regional endpoint for the OAuth flow at `https://{region}.oauth.signin.
-  * [AWS Sign-In condition keys reference](./reference-signin-condition-keys.html)
+  * [OAuth condition keys](./reference-signin-condition-keys.html#reference-signin-condition-keys-oauth)
+
+  * [AWS Sign-In API Reference](https://docs.aws.amazon.com/signin/latest/APIReference/API_Operations.html)
+
+  * [Actions, resources, and condition keys for AWS Sign-In](https://docs.aws.amazon.com/service-authorization/latest/reference/list_signin.html)