AWS Security ChangesHomeSearch

AWS IAM documentation change

Service: IAM · 2025-06-13 · Documentation low

File: IAM/latest/UserGuide/access_policies_boundaries.md

Summary

Updated references from 'IAM federated user sessions' to 'AWS STS federated user principal sessions' in permissions boundary documentation

Security assessment

The changes refine terminology regarding STS federated sessions but do not indicate any security vulnerability remediation. This maintains consistency in documentation without introducing new security content.

Diff

diff --git a/IAM/latest/UserGuide/access_policies_boundaries.md b/IAM/latest/UserGuide/access_policies_boundaries.md
index df8f6592d..8167669b2 100644
--- a//IAM/latest/UserGuide/access_policies_boundaries.md
+++ b//IAM/latest/UserGuide/access_policies_boundaries.md
@@ -66 +66 @@ _Resource-based policies for IAM users_
-Within the same account, resource-based policies that grant permissions to an IAM user ARN (that is not a federated user session) are not limited by an implicit deny in an identity-based policy or permissions boundary.
+Within the same account, resource-based policies that grant permissions to an IAM user ARN (that is not an AWS STS federated user principal session) are not limited by an implicit deny in an identity-based policy or permissions boundary.
@@ -77 +77 @@ _Resource-based policies for IAM roles_
-_Resource-based policies for IAM federated user sessions_
+_Resource-based policies for AWS STS federated user principal sessions_
@@ -80 +80 @@ _Resource-based policies for IAM federated user sessions_
-**IAM federated user sessions** – An IAM federated user session is a session created by calling [GetFederationToken](./id_credentials_temp_request.html#api_getfederationtoken). When a federated user makes a request, the principal making the request is the federated user ARN and not the ARN of the IAM user who federated. Within the same account, resource-based policies that grant permissions to a federated user ARN grant permissions directly to the session. Permissions granted directly to a session are not limited by an implicit deny in an identity-based policy, a permissions boundary, or session policy.
+**AWS STS federated user principal sessions** – An AWS STS federated user principal session is a session created by calling [GetFederationToken](./id_credentials_temp_request.html#api_getfederationtoken). When a federated user makes a request, the principal making the request is the federated user ARN and not the ARN of the IAM user who federated. Within the same account, resource-based policies that grant permissions to a federated user ARN grant permissions directly to the session. Permissions granted directly to a session are not limited by an implicit deny in an identity-based policy, a permissions boundary, or session policy.
@@ -82 +82 @@ _Resource-based policies for IAM federated user sessions_
-However, if a resource-based policy grants permission to the ARN of the IAM user who federated, then requests made by the federated user during the session are limited by an implicit deny in a permission boundary or session policy.
+However, if a resource-based policy grants permission to the ARN of the IAM user who federated, then requests made by the AWS STS federated user principal during the session are limited by an implicit deny in a permission boundary or session policy.