AWS singlesignon documentation change
Summary
Updated policy descriptions to replace 'identity-aware' with 'identity-enhanced' terminology across multiple entries
Security assessment
The changes involve terminology updates from 'identity-aware' to 'identity-enhanced' but do not indicate any security vulnerability fixes or new security controls. The modifications appear to be branding/terminology alignment rather than addressing security issues.
Diff
diff --git a/singlesignon/latest/userguide/security-iam-awsmanpol.md b/singlesignon/latest/userguide/security-iam-awsmanpol.md index 7d64232e6..7cb26d923 100644 --- a//singlesignon/latest/userguide/security-iam-awsmanpol.md +++ b//singlesignon/latest/userguide/security-iam-awsmanpol.md @@ -278 +278 @@ AWSSSOServiceRolePolicy | This policy now includes permissions to call `identit -AWSIAMIdentityCenterAllowListForIdentityContext | This policy now includes the `qapps:ListQAppSessionData` and `qapps:ExportQAppSessionData` actions to support identity-aware console sessions for AWS managed applications that support these sessions. | October 2, 2024 +AWSIAMIdentityCenterAllowListForIdentityContext | This policy now includes the `qapps:ListQAppSessionData` and `qapps:ExportQAppSessionData` actions to support identity-enhanced console sessions for AWS managed applications that support these sessions. | October 2, 2024 @@ -280,3 +280,3 @@ AWSSSOMasterAccountAdministrator | IAM Identity Center added a new action to gr -AWSIAMIdentityCenterAllowListForIdentityContext | This policy now includes the `s3:ListCallerAccessGrants` action to support identity-aware console sessions for AWS managed applications that support these sessions. | September 4, 2024 -AWSIAMIdentityCenterAllowListForIdentityContext | This policy now includes the `aoss:APIAccessAll`, `es:ESHttpHead`, `es:ESHttpPost`, `es:ESHttpGet`, `es:ESHttpPatch`, `es:ESHttpDelete`, and `es:ESHttpPut` actions to support identity-aware console sessions for AWS managed applications that support these sessions. | July 12, 2024 -AWSIAMIdentityCenterAllowListForIdentityContext | This policy now includes the `qapps:PredictQApp`, `qapps:ImportDocument`, `qapps:AssociateLibraryItemReview`, `qapps:DisassociateLibraryItemReview`, `qapps:GetQAppSession`, `qapps:UpdateQAppSession`, `qapps:GetQAppSessionMetadata`, `qapps:UpdateQAppSessionMetadata`, and `qapps:TagResource` actions to support identity-aware console sessions for AWS managed applications that support these sessions. | June 27, 2024 +AWSIAMIdentityCenterAllowListForIdentityContext | This policy now includes the `s3:ListCallerAccessGrants` action to support identity-enhanced console sessions for AWS managed applications that support these sessions. | September 4, 2024 +AWSIAMIdentityCenterAllowListForIdentityContext | This policy now includes the `aoss:APIAccessAll`, `es:ESHttpHead`, `es:ESHttpPost`, `es:ESHttpGet`, `es:ESHttpPatch`, `es:ESHttpDelete`, and `es:ESHttpPut` actions to support identity-enhanced console sessions for AWS managed applications that support these sessions. | July 12, 2024 +AWSIAMIdentityCenterAllowListForIdentityContext | This policy now includes the `qapps:PredictQApp`, `qapps:ImportDocument`, `qapps:AssociateLibraryItemReview`, `qapps:DisassociateLibraryItemReview`, `qapps:GetQAppSession`, `qapps:UpdateQAppSession`, `qapps:GetQAppSessionMetadata`, `qapps:UpdateQAppSessionMetadata`, and `qapps:TagResource` actions to support identity-enhanced console sessions for AWS managed applications that support these sessions. | June 27, 2024 @@ -284,8 +284,8 @@ AWSIAMIdentityCenterAllowListForIdentityContext | This policy now includes the -AWSIAMIdentityCenterAllowListForIdentityContext | This policy now includes the `qapps:CreateQApp`, `qapps:PredictProblemStatementFromConversation`, `qapps:PredictQAppFromProblemStatement`, `qapps:CopyQApp`, `qapps:GetQApp`, `qapps:ListQApps`, `qapps:UpdateQApp`, `qapps:DeleteQApp`, `qapps:AssociateQAppWithUser`, `qapps:DisassociateQAppFromUser`, `qapps:ImportDocumentToQApp`, `qapps:ImportDocumentToQAppSession`, `qapps:CreateLibraryItem`, `qapps:GetLibraryItem`, `qapps:UpdateLibraryItem`, `qapps:CreateLibraryItemReview`, `qapps:ListLibraryItems`, `qapps:CreateSubscriptionToken`, `qapps:StartQAppSession`, and `qapps:StopQAppSession` actions to support identity-aware console sessions for AWS managed applications that support these sessions. | April 30, 2024 -AWSSSOMasterAccountAdministrator | This policy now includes the `signin:CreateTrustedIdentityPropagationApplicationForConsole` and `signin:ListTrustedIdentityPropagationApplicationsForConsole` actions to support identity-aware console sessions for AWS managed applications that support these sessions. | April 26, 2024 -AWSSSOMemberAccountAdministrator | This policy now includes the `signin:CreateTrustedIdentityPropagationApplicationForConsole` and `signin:ListTrustedIdentityPropagationApplicationsForConsole` actions to support identity-aware console sessions for AWS managed applications that support these sessions. | April 26, 2024 -AWSSSOReadOnly | This policy now includes the `signin:ListTrustedIdentityPropagationApplicationsForConsole` action to support identity-aware console sessions for AWS managed applications that support these sessions. | April 26, 2024 -AWSIAMIdentityCenterAllowListForIdentityContext | This policy now includes the `qbusiness:PutFeedback` action to support identity-aware console sessions for AWS managed applications that support these sessions. | April 26, 2024 -AWSIAMIdentityCenterAllowListForIdentityContext | This policy now includes the `q:StartConversation`, `q:SendMessage`, `q:ListConversations`, `q:GetConversation`, `q:StartTroubleshootingAnalysis`, `q:GetTroubleshootingResults`, `q:StartTroubleshootingResolutionExplanation`, and ` q:UpdateTroubleshootingCommandResult` actions to support identity-aware console sessions for AWS managed applications that support these sessions. | April 24, 2024 -AWSIAMIdentityCenterAllowListForIdentityContext | This policy now includes the `sts:SetContext` action to support identity-aware console sessions for AWS managed applications that support these sessions. | April 19, 2024 -AWSIAMIdentityCenterAllowListForIdentityContext | This policy now includes the `qbusiness:Chat`, `qbusiness:ChatSync`, `qbusiness:ListConversations`, ` qbusiness:ListMessages`, and `qbusiness:DeleteConversation` actions to support identity-aware console sessions for AWS managed applications that support these sessions. | April 11, 2024 +AWSIAMIdentityCenterAllowListForIdentityContext | This policy now includes the `qapps:CreateQApp`, `qapps:PredictProblemStatementFromConversation`, `qapps:PredictQAppFromProblemStatement`, `qapps:CopyQApp`, `qapps:GetQApp`, `qapps:ListQApps`, `qapps:UpdateQApp`, `qapps:DeleteQApp`, `qapps:AssociateQAppWithUser`, `qapps:DisassociateQAppFromUser`, `qapps:ImportDocumentToQApp`, `qapps:ImportDocumentToQAppSession`, `qapps:CreateLibraryItem`, `qapps:GetLibraryItem`, `qapps:UpdateLibraryItem`, `qapps:CreateLibraryItemReview`, `qapps:ListLibraryItems`, `qapps:CreateSubscriptionToken`, `qapps:StartQAppSession`, and `qapps:StopQAppSession` actions to support identity-enhanced console sessions for AWS managed applications that support these sessions. | April 30, 2024 +AWSSSOMasterAccountAdministrator | This policy now includes the `signin:CreateTrustedIdentityPropagationApplicationForConsole` and `signin:ListTrustedIdentityPropagationApplicationsForConsole` actions to support identity-enhanced console sessions for AWS managed applications that support these sessions. | April 26, 2024 +AWSSSOMemberAccountAdministrator | This policy now includes the `signin:CreateTrustedIdentityPropagationApplicationForConsole` and `signin:ListTrustedIdentityPropagationApplicationsForConsole` actions to support identity-enhanced console sessions for AWS managed applications that support these sessions. | April 26, 2024 +AWSSSOReadOnly | This policy now includes the `signin:ListTrustedIdentityPropagationApplicationsForConsole` action to support identity-enhanced console sessions for AWS managed applications that support these sessions. | April 26, 2024 +AWSIAMIdentityCenterAllowListForIdentityContext | This policy now includes the `qbusiness:PutFeedback` action to support identity-enhanced console sessions for AWS managed applications that support these sessions. | April 26, 2024 +AWSIAMIdentityCenterAllowListForIdentityContext | This policy now includes the `q:StartConversation`, `q:SendMessage`, `q:ListConversations`, `q:GetConversation`, `q:StartTroubleshootingAnalysis`, `q:GetTroubleshootingResults`, `q:StartTroubleshootingResolutionExplanation`, and ` q:UpdateTroubleshootingCommandResult` actions to support identity-enhanced console sessions for AWS managed applications that support these sessions. | April 24, 2024 +AWSIAMIdentityCenterAllowListForIdentityContext | This policy now includes the `sts:SetContext` action to support identity-enhanced console sessions for AWS managed applications that support these sessions. | April 19, 2024 +AWSIAMIdentityCenterAllowListForIdentityContext | This policy now includes the `qbusiness:Chat`, `qbusiness:ChatSync`, `qbusiness:ListConversations`, ` qbusiness:ListMessages`, and `qbusiness:DeleteConversation` actions to support identity-enhanced console sessions for AWS managed applications that support these sessions. | April 11, 2024