AWS Identity and Access Management

2025/11/19 - AWS Identity and Access Management - 3 new api methods

Changes: Added the EnableOutboundWebIdentityFederation, DisableOutboundWebIdentityFederation and GetOutboundWebIdentityFederationInfo APIs for the IAM outbound federation feature.

GetOutboundWebIdentityFederationInfo (new)

Retrieves the configuration information for the outbound identity federation feature in your Amazon Web Services account. The response includes the unique issuer URL for your Amazon Web Services account and the current enabled/disabled status of the feature. Use this operation to obtain the issuer URL that you need to configure trust relationships with external services.

See also: AWS API Documentation

Request Syntax

client.get_outbound_web_identity_federation_info()
rtype: dict

returns:

Response Syntax

{
    'IssuerIdentifier': 'string',
    'JwtVendingEnabled': True|False
}

Response Structure

  • (dict) --

    • IssuerIdentifier (string) --

      A unique issuer URL for your Amazon Web Services account that hosts the OpenID Connect (OIDC) discovery endpoints at /.well-known/openid-configuration and /.well-known/jwks.json. The OpenID Connect (OIDC) discovery endpoints contain verification keys and metadata necessary for token verification.

    • JwtVendingEnabled (boolean) --

      Indicates whether outbound identity federation is currently enabled for your Amazon Web Services account. When true, IAM principals in the account can call the GetWebIdentityToken API to obtain JSON Web Tokens (JWTs) for authentication with external services.
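An added example, not taken from the AWS documentation: an account audit check built on the GetOutboundWebIdentityFederationInfo response, which reports whether JWT vending is on and derives the two discovery URLs an external service would be configured with. `StubIam`, the `approved` flag and the sample issuer value are hypothetical; in practice the client would be `boto3.client("iam")` from an SDK release that includes this API.

```python
from urllib.parse import urlsplit

# Discovery paths named in the IssuerIdentifier description above.
DISCOVERY_PATHS = ("/.well-known/openid-configuration", "/.well-known/jwks.json")


class StubIam:
    """Constructed stand-in for an IAM client so the example runs offline."""

    def __init__(self, response):
        self._response = response

    def get_outbound_web_identity_federation_info(self):
        return self._response


def audit_outbound_federation(iam_client, approved=False):
    """Report the outbound federation state of one account.

    approved is a hypothetical flag from your own inventory: True when the
    account is expected to vend JWTs to external services.
    """
    info = iam_client.get_outbound_web_identity_federation_info()
    issuer = info.get("IssuerIdentifier", "")
    enabled = bool(info.get("JwtVendingEnabled", False))
    findings = []
    parts = urlsplit(issuer)
    # OIDC Discovery requires an https issuer; flag anything else.
    if issuer and (parts.scheme != "https" or not parts.netloc):
        findings.append("issuer is not an https URL")
    if enabled and not issuer:
        findings.append("enabled but no issuer URL returned")
    if enabled and not approved:
        findings.append("JWT vending enabled on an unapproved account")
    base = issuer.rstrip("/")
    return {
        "enabled": enabled,
        "issuer": issuer,
        "discovery_urls": [base + p for p in DISCOVERY_PATHS] if issuer else [],
        "findings": findings,
    }


if __name__ == "__main__":
    # Constructed response; the issuer value is a placeholder, not a real one.
    sample = {"IssuerIdentifier": "https://issuer.example.invalid/acct-placeholder",
              "JwtVendingEnabled": True}
    print(audit_outbound_federation(StubIam(sample)))
```

Running the check across every account in an organization gives an inventory of which accounts can currently issue tokens to external services.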

DisableOutboundWebIdentityFederation (new)

Disables the outbound identity federation feature for your Amazon Web Services account. When disabled, IAM principals in the account cannot use the GetWebIdentityToken API to obtain JSON Web Tokens (JWTs) for authentication with external services. This operation does not affect tokens that were issued before the feature was disabled.

See also: AWS API Documentation

Request Syntax

client.disable_outbound_web_identity_federation()
returns: None

EnableOutboundWebIdentityFederation (new)

Enables the outbound identity federation feature for your Amazon Web Services account. When enabled, IAM principals in your account can use the GetWebIdentityToken API to obtain JSON Web Tokens (JWTs) for secure authentication with external services. This operation also generates a unique issuer URL for your Amazon Web Services account.

See also: AWS API Documentation

Request Syntax

client.enable_outbound_web_identity_federation()
rtype: dict

returns:

Response Syntax

{
    'IssuerIdentifier': 'string'
}

Response Structure

  • (dict) --

    • IssuerIdentifier (string) --

      A unique issuer URL for your Amazon Web Services account that hosts the OpenID Connect (OIDC) discovery endpoints at /.well-known/openid-configuration and /.well-known/jwks.json. The OpenID Connect (OIDC) discovery endpoints contain verification keys and metadata necessary for token verification.