From 7d2fa4323ecc89f71fe7bf5a594c8d6166e32169 Mon Sep 17 00:00:00 2001 From: DJCrabhat Date: Wed, 13 Oct 2021 07:45:34 -0700 Subject: [PATCH] Add `nonce` configuration parameter to agent AWS auto-auth documentation (#10926) * Update aws.mdx Was looking how to give the vault agent with AWS auto-auth the same nonce, but saw it wasn't documented. Dove through the code, found https://github.com/hashicorp/vault/blob/master/command/agent/auth/aws/aws.go#L139 and https://github.com/hashicorp/vault/blob/master/command/agent/auth/aws/aws.go#L215 (tried to call out the importance and point to docs, know setting `nonce` poorly could be very bad!) * add line breaks * Apply suggestions from code review Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com> Co-authored-by: hghaf099 <83242695+hghaf099@users.noreply.github.com> Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com> --- website/content/docs/agent/autoauth/methods/aws.mdx | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/website/content/docs/agent/autoauth/methods/aws.mdx b/website/content/docs/agent/autoauth/methods/aws.mdx index ea0a50f006..95be69a616 100644 --- a/website/content/docs/agent/autoauth/methods/aws.mdx +++ b/website/content/docs/agent/autoauth/methods/aws.mdx @@ -56,6 +56,10 @@ parameters unset in your configuration. - `header_value` `(string: optional)` - If configured in Vault, the value to use for [`iam_server_id_header_value`](/api/auth/aws#iam_server_id_header_value). +- `nonce` `(string: optional)` - If not provided, Vault will generate a new UUID every time `vault agent` runs. + If set, make sure you understand the importance of generating a good, unique `nonce` and protecting it. + See [Client Nonce](/docs/auth/aws#client-nonce) for more information. + ## Learn Refer to the [Vault Agent with
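Review bot: In the new `nonce` entry, the second line ("make sure you understand the importance of generating a good, unique `nonce` and protecting it") warns the reader without saying what to do or why, and leaves all of that to the Client Nonce link. The commit message already acknowledges that a poorly chosen `nonce` "could be very bad", so the parameter description should carry at least one concrete sentence: that the value must be handled as a secret, and when setting it is appropriate at all (the commit message's case is keeping the same nonce across agent runs). Also, on the first line "Vault will generate a new UUID" reads as if the server produces it, while "every time `vault agent` runs" and the linked agent source indicate the agent does; "Vault Agent generates a new UUID on every start" would remove the ambiguity.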