AWS Security ChangesHomeSearch

AWS IAM medium security documentation change

Service: IAM · 2025-03-26 · Security-related medium

File: IAM/latest/UserGuide/id_root-user-privileged-task.md

Summary

Updated requirements for centralized root access to explicitly require sts:AssumeRoot permission

Security assessment

Added explicit requirement for sts:AssumeRoot permission demonstrates enhanced security controls for privileged root access

Diff

diff --git a/IAM/latest/UserGuide/id_root-user-privileged-task.md b/IAM/latest/UserGuide/id_root-user-privileged-task.md
index a090c6ddb..cadac2a96 100644
--- a/IAM/latest/UserGuide/id_root-user-privileged-task.md
+++ b/IAM/latest/UserGuide/id_root-user-privileged-task.md
@@ -15 +15 @@ Once you launch a privileged session, you can delete a misconfigured Amazon S3 b
-You must be signed in to an AWS Organizations management account or a delegated administrator account for IAM to enable centralized root access. You cannot use the AWS account root user.
+To use centralized root access, you must sign in via a management account or a delegated administrator account and must have the `sts:AssumeRoot` permission explicitly granted.