AWS IAM medium security documentation change
Summary
Clarified usage of condition key for restricting root credential assumptions
Security assessment
Enhanced documentation about policy enforcement for root credential usage demonstrates improved security guidance
Diff
diff --git a/IAM/latest/UserGuide/reference_policies_iam-condition-keys.md b/IAM/latest/UserGuide/reference_policies_iam-condition-keys.md index 88c46630a..a45cac78d 100644 --- a/IAM/latest/UserGuide/reference_policies_iam-condition-keys.md +++ b/IAM/latest/UserGuide/reference_policies_iam-condition-keys.md @@ -1208 +1208 @@ Use this key to compare the policy ARN in an [sts:AssumeRoot](https://docs.aws.a -You can use this condition key in a policy to limit the actions a management account or delegated administrator can perform during a privileged root user session. For more information, see [Perform a privileged task on an AWS Organizations member account](./id_root-user-privileged-task.html). +Administrators can use this condition key in IAM policies to restrict specific roles or users within the management account or delegated administrator account from performing certain actions when assuming root credentials. For more information, see [Perform a privileged task on an AWS Organizations member account](./id_root-user-privileged-task.html).