AWS IAM documentation change
Summary
Updated terminology from 'identity-aware' to 'identity-enhanced' console sessions, including updated documentation links and policy references
Security assessment
Change updates terminology and documentation links but does not address specific security vulnerabilities. The content continues to document security-related permissions (sts:SetContext) for session management, but there's no evidence of fixing a security issue.
Diff
diff --git a/IAM/latest/UserGuide/id_credentials_temp_control-access_sts-setcontext.md b/IAM/latest/UserGuide/id_credentials_temp_control-access_sts-setcontext.md index e3110876d..247a063d5 100644 --- a//IAM/latest/UserGuide/id_credentials_temp_control-access_sts-setcontext.md +++ b//IAM/latest/UserGuide/id_credentials_temp_control-access_sts-setcontext.md @@ -5 +5 @@ -# Granting permissions to use identity-aware console sessions +# Granting permissions to use identity-enhanced console sessions @@ -7 +7 @@ -Identity-aware console sessions enables AWS IAM Identity Center user and session IDs to be included in users' AWS console sessions when they sign in. For example, Amazon Q Developer Pro uses identity-aware console sessions to personalize the service experience. For more information about identity-aware console sessions, see [Enabling identity-aware console sessions](https://docs.aws.amazon.com/singlesignon/latest/userguide/awsapps.html#identity-aware-sessions) in the _AWS IAM Identity Center User Guide_. For information about Amazon Q Developer setup, see [Setting up Amazon Q Developer](https://docs.aws.amazon.com/amazonq/latest/qdeveloper-ug/setting-up.html) in the _Amazon Q Developer User Guide_. +Identity-enhanced console sessions enables AWS IAM Identity Center user and session IDs to be included in users' AWS console sessions when they sign in. For example, Amazon Q Developer Pro uses identity-enhanced console sessions to personalize the service experience. For more information about identity-enhanced console sessions, see [Enabling identity-enhanced console sessions](https://docs.aws.amazon.com/singlesignon/latest/userguide/identity-enhanced-sessions.html) in the _AWS IAM Identity Center User Guide_. For information about Amazon Q Developer setup, see [Setting up Amazon Q Developer](https://docs.aws.amazon.com/amazonq/latest/qdeveloper-ug/setting-up.html) in the _Amazon Q Developer User Guide_. @@ -9 +9 @@ Identity-aware console sessions enables AWS IAM Identity Center user and session -For identity-aware console sessions to be available to a user, you must use an identity-based policy to grant the IAM principal the `sts:SetContext` permission for the resource that represents their own console session. +For identity-enhanced console sessions to be available to a user, you must use an identity-based policy to grant the IAM principal the `sts:SetContext` permission for the resource that represents their own console session. @@ -13 +13 @@ For identity-aware console sessions to be available to a user, you must use an i -By default, users do not have permission to set context for their identity-aware console sessions. To allow this, you must grant the IAM principal the `sts:SetContext` permission in an identity-based policy as shown in the policy example below. +By default, users do not have permission to set context for their identity-enhanced console sessions. To allow this, you must grant the IAM principal the `sts:SetContext` permission in an identity-based policy as shown in the policy example below. @@ -15 +15 @@ By default, users do not have permission to set context for their identity-aware -The following example identity-based policy grants the `sts:SetContext` permission to an IAM principal, allowing the principal to set identity-aware console session context for their own AWS console sessions. The policy resource, `arn:aws:sts::`account-id`:self`, represents the caller’s AWS session. The `account-id` ARN segment can be replaced with a wildcard character `*` in cases where the same permission policy is deployed across multiple accounts, such as when this policy is deployed using IAM Identity Center permission sets. +The following example identity-based policy grants the `sts:SetContext` permission to an IAM principal, allowing the principal to set identity-enhanced console session context for their own AWS console sessions. The policy resource, `arn:aws:sts::`account-id`:self`, represents the caller’s AWS session. The `account-id` ARN segment can be replaced with a wildcard character `*` in cases where the same permission policy is deployed across multiple accounts, such as when this policy is deployed using IAM Identity Center permission sets.