AWS Security ChangesHomeSearch

AWS IAM documentation change

Service: IAM · 2025-05-22 · Documentation low

File: IAM/latest/UserGuide/id_credentials_temp_control-access_sts-setcontext.md

Summary

Updated terminology from 'identity-aware' to 'identity-enhanced' console sessions, including updated documentation links and policy references

Security assessment

Change updates terminology and documentation links but does not address specific security vulnerabilities. The content continues to document security-related permissions (sts:SetContext) for session management, but there's no evidence of fixing a security issue.

Diff

diff --git a/IAM/latest/UserGuide/id_credentials_temp_control-access_sts-setcontext.md b/IAM/latest/UserGuide/id_credentials_temp_control-access_sts-setcontext.md
index e3110876d..247a063d5 100644
--- a//IAM/latest/UserGuide/id_credentials_temp_control-access_sts-setcontext.md
+++ b//IAM/latest/UserGuide/id_credentials_temp_control-access_sts-setcontext.md
@@ -5 +5 @@
-# Granting permissions to use identity-aware console sessions
+# Granting permissions to use identity-enhanced console sessions
@@ -7 +7 @@
-Identity-aware console sessions enables AWS IAM Identity Center user and session IDs to be included in users' AWS console sessions when they sign in. For example, Amazon Q Developer Pro uses identity-aware console sessions to personalize the service experience. For more information about identity-aware console sessions, see [Enabling identity-aware console sessions](https://docs.aws.amazon.com/singlesignon/latest/userguide/awsapps.html#identity-aware-sessions) in the _AWS IAM Identity Center User Guide_. For information about Amazon Q Developer setup, see [Setting up Amazon Q Developer](https://docs.aws.amazon.com/amazonq/latest/qdeveloper-ug/setting-up.html) in the _Amazon Q Developer User Guide_.
+Identity-enhanced console sessions enables AWS IAM Identity Center user and session IDs to be included in users' AWS console sessions when they sign in. For example, Amazon Q Developer Pro uses identity-enhanced console sessions to personalize the service experience. For more information about identity-enhanced console sessions, see [Enabling identity-enhanced console sessions](https://docs.aws.amazon.com/singlesignon/latest/userguide/identity-enhanced-sessions.html) in the _AWS IAM Identity Center User Guide_. For information about Amazon Q Developer setup, see [Setting up Amazon Q Developer](https://docs.aws.amazon.com/amazonq/latest/qdeveloper-ug/setting-up.html) in the _Amazon Q Developer User Guide_.
@@ -9 +9 @@ Identity-aware console sessions enables AWS IAM Identity Center user and session
-For identity-aware console sessions to be available to a user, you must use an identity-based policy to grant the IAM principal the `sts:SetContext` permission for the resource that represents their own console session. 
+For identity-enhanced console sessions to be available to a user, you must use an identity-based policy to grant the IAM principal the `sts:SetContext` permission for the resource that represents their own console session. 
@@ -13 +13 @@ For identity-aware console sessions to be available to a user, you must use an i
-By default, users do not have permission to set context for their identity-aware console sessions. To allow this, you must grant the IAM principal the `sts:SetContext` permission in an identity-based policy as shown in the policy example below.
+By default, users do not have permission to set context for their identity-enhanced console sessions. To allow this, you must grant the IAM principal the `sts:SetContext` permission in an identity-based policy as shown in the policy example below.
@@ -15 +15 @@ By default, users do not have permission to set context for their identity-aware
-The following example identity-based policy grants the `sts:SetContext` permission to an IAM principal, allowing the principal to set identity-aware console session context for their own AWS console sessions. The policy resource, `arn:aws:sts::`account-id`:self`, represents the caller’s AWS session. The `account-id` ARN segment can be replaced with a wildcard character `*` in cases where the same permission policy is deployed across multiple accounts, such as when this policy is deployed using IAM Identity Center permission sets.
+The following example identity-based policy grants the `sts:SetContext` permission to an IAM principal, allowing the principal to set identity-enhanced console session context for their own AWS console sessions. The policy resource, `arn:aws:sts::`account-id`:self`, represents the caller’s AWS session. The `account-id` ARN segment can be replaced with a wildcard character `*` in cases where the same permission policy is deployed across multiple accounts, such as when this policy is deployed using IAM Identity Center permission sets.