AWS IAM medium security documentation change
Summary
Updated requirements for centralized root access to explicitly require sts:AssumeRoot permission
Security assessment
Added explicit requirement for sts:AssumeRoot permission demonstrates enhanced security controls for privileged root access
Diff
diff --git a/IAM/latest/UserGuide/id_root-user-privileged-task.md b/IAM/latest/UserGuide/id_root-user-privileged-task.md index a090c6ddb..cadac2a96 100644 --- a/IAM/latest/UserGuide/id_root-user-privileged-task.md +++ b/IAM/latest/UserGuide/id_root-user-privileged-task.md @@ -15 +15 @@ Once you launch a privileged session, you can delete a misconfigured Amazon S3 b -You must be signed in to an AWS Organizations management account or a delegated administrator account for IAM to enable centralized root access. You cannot use the AWS account root user. +To use centralized root access, you must sign in via a management account or a delegated administrator account and must have the `sts:AssumeRoot` permission explicitly granted.