AWS Security ChangesHomeSearch

AWS IAM medium security documentation change

Service: IAM · 2025-03-26 · Security-related medium

File: IAM/latest/UserGuide/reference_policies_iam-condition-keys.md

Summary

Clarified usage of condition key for restricting root credential assumptions

Security assessment

Enhanced documentation about policy enforcement for root credential usage demonstrates improved security guidance

Diff

diff --git a/IAM/latest/UserGuide/reference_policies_iam-condition-keys.md b/IAM/latest/UserGuide/reference_policies_iam-condition-keys.md
index 88c46630a..a45cac78d 100644
--- a/IAM/latest/UserGuide/reference_policies_iam-condition-keys.md
+++ b/IAM/latest/UserGuide/reference_policies_iam-condition-keys.md
@@ -1208 +1208 @@ Use this key to compare the policy ARN in an [sts:AssumeRoot](https://docs.aws.a
-You can use this condition key in a policy to limit the actions a management account or delegated administrator can perform during a privileged root user session. For more information, see [Perform a privileged task on an AWS Organizations member account](./id_root-user-privileged-task.html).
+Administrators can use this condition key in IAM policies to restrict specific roles or users within the management account or delegated administrator account from performing certain actions when assuming root credentials. For more information, see [Perform a privileged task on an AWS Organizations member account](./id_root-user-privileged-task.html).