diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1dd30ecf..9ce6592b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,13 @@
 <!-- markdownlint-disable single-title -->
 # v2.0.0 (Unreleased)
 
+# v2.0.0-beta.35 (2023-09-05)
+
+ENHANCEMENTS
+
+* Adds `AllowedAccountIds` and `ForbiddenAccountIds` fields and a `VerifyAccountIDAllowed` method to `Config` ([#638](https://github.com/hashicorp/aws-sdk-go-base/pull/638))
+* Adds `tfawserr.ErrHTTPStatusCodeEquals` ([#642](https://github.com/hashicorp/aws-sdk-go-base/pull/642))
+
 # v2.0.0-beta.34 (2023-08-17)
 
 BREAKING CHANGES
diff --git a/internal/config/config.go b/internal/config/config.go
index 50221b2e..145aa2c4 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -136,6 +136,9 @@ func (c Config) ResolveSharedCredentialsFiles() ([]string, error) {
 
 // VerifyAccountIDAllowed verifies an account ID is not explicitly forbidden
 // or omitted from an allow list, if configured.
+//
+// If the AllowedAccountIds and ForbiddenAccountIds fields are both empty, this
+// function will return nil.
 func (c Config) VerifyAccountIDAllowed(accountID string) error {
 	if len(c.ForbiddenAccountIds) > 0 {
 		for _, forbiddenAccountID := range c.ForbiddenAccountIds {