AWS STS now supports validation of select identity provider specific claims from Google, GitHub, CircleCI and OCI
AWS IAM · 2026-02-02
Technical Details
| Regions | all |
|---|---|
| Cost Impact | Neutral |
| IaC Impact | High |
What This Means
For DevOps Teams
Update your IAM role trust policies and resource control policies to include the new identity provider specific claims from Google, GitHub, CircleCI, and OCI, ensuring your federated identities have the appropriate access controls in place.
For Platform Teams
Adopt the new OIDC claim validation capability to simplify your architecture by leveraging custom claims as condition keys in IAM role trust policies and resource control policies, reducing operational toil and improving security.
For Executives
Evaluate the new OIDC claim validation capability to enhance your organization's security posture by implementing fine-grained access control for federated identities, thereby reducing risk exposure and strengthening data perimeters.
Related AWS IAM Updates
- AWS Builder ID now supports Sign in with Apple (2026-02-05)
- AWS IAM Identity Center now supports multi-Region replication for AWS account access and application use (2026-02-03)
- AWS IAM Identity Center enables account access and application use in multiple AWS Regions (2026-02-03)
- AWS IAM Identity Center now supports IPv6 (2026-01-26)
- IAM Identity Center now supports IPv6 (2026-01-26)