AWS IAM documentation change
Summary
Expanded principal types in aws:PrincipalOrgPaths condition key documentation to include specific federated user types
Security assessment
The change adds explicit documentation about supported principal types for organizational path conditions, enhancing clarity around security controls. While it improves security documentation, there's no evidence of addressing a specific security issue.
Diff
diff --git a/IAM/latest/UserGuide/access_policies_data-perimeters.md b/IAM/latest/UserGuide/access_policies_data-perimeters.md index 7e44e199f..cd21e965b 100644 --- a//IAM/latest/UserGuide/access_policies_data-perimeters.md +++ b//IAM/latest/UserGuide/access_policies_data-perimeters.md @@ -53 +53 @@ The following global condition keys help enforce identity perimeter controls. Us - * [aws:PrincipalOrgPaths](./reference_policies_condition-keys.html#condition-keys-principalorgpaths) – You can use this condition key to ensure that the IAM user , IAM role, federated user, or AAWS account root user making the request belong to the specified organizational unit (OU) in AWS Organizations. + * [aws:PrincipalOrgPaths](./reference_policies_condition-keys.html#condition-keys-principalorgpaths) – You can use this condition key to ensure that the IAM user , IAM role, AWS STS federated user principal, SAML federated principal, OIDC federated principal, or AWS account root user making the request belong to the specified organizational unit (OU) in AWS Organizations.