AWS Security ChangesHomeSearch

AWS IAM documentation change

Service: IAM · 2025-03-23 · Documentation low

File: IAM/latest/UserGuide/reference-arns.md

Summary

Added clarification that ARNs are not considered secret/sensitive

Security assessment

Provides security guidance about ARN handling but doesn't address a specific vulnerability

Diff

diff --git a/IAM/latest/UserGuide/reference-arns.md b/IAM/latest/UserGuide/reference-arns.md
index cc5463da8..012fa48fb 100644
--- a/IAM/latest/UserGuide/reference-arns.md
+++ b/IAM/latest/UserGuide/reference-arns.md
@@ -9 +9 @@ ARN formatLook up the ARN format for a resourcePaths in ARNs
-Amazon Resource Names (ARNs) uniquely identify AWS resources. We require an ARN when you need to specify a resource unambiguously across all of AWS, such as in IAM policies, Amazon Relational Database Service (Amazon RDS) tags, and API calls.
+Amazon Resource Names (ARNs) uniquely identify AWS resources. We require an ARN when you need to specify a resource unambiguously across all of AWS, such as in IAM policies, Amazon Relational Database Service (Amazon RDS) tags, and API calls. While ARNs, like any identifying information, should be used and shared carefully, they are not considered secret, sensitive, or confidential information.