AWS IAM medium security documentation change
Summary
Added note requiring deactivation of active access keys before user deletion and removed redundant line about access key removal automation
Security assessment
The change explicitly warns users to manually deactivate access keys before deletion, addressing a potential security gap where inactive users might retain active credentials. This prevents accidental retention of unused access keys that could be exploited.
Diff
diff --git a/IAM/latest/UserGuide/id_users_remove.md b/IAM/latest/UserGuide/id_users_remove.md index c15519bdf..739f184bc 100644 --- a//IAM/latest/UserGuide/id_users_remove.md +++ b//IAM/latest/UserGuide/id_users_remove.md @@ -25,2 +24,0 @@ When you use the AWS Management Console to remove an IAM user, IAM automatically - * Any access keys belonging to the IAM user - @@ -50,0 +49,4 @@ classic IAM console +###### Note + +If any of the users have active access keys, you must deactivate the access keys before deleting the users. For more information, see [To deactivate an access key for an IAM user](./access-keys-admin-managed.html#admin-deactivate-access-key). +