AWS IAM documentation change
Summary
Updated terminology from 'federated user access/user attributes' to 'federated principal access/principal attributes' to align with IAM terminology
Security assessment
The change replaces 'user' with 'principal' terminology but does not address vulnerabilities or introduce security features. It clarifies IAM role assignment semantics without altering security controls.
Diff
diff --git a/IAM/latest/UserGuide/id_roles_providers.md b/IAM/latest/UserGuide/id_roles_providers.md index 3a8f867df..b85a9d937 100644 --- a//IAM/latest/UserGuide/id_roles_providers.md +++ b//IAM/latest/UserGuide/id_roles_providers.md @@ -57 +57 @@ IAM Identity Center supports identity federation with SAML (Security Assertion M -While we strongly recommend managing human users in IAM Identity Center, you can enable federated user access with IAM for human users in short-term, small scale deployments. IAM allows you to use separate SAML 2.0 and Open ID Connect (OIDC) IdPs and use federated user attributes for access control. With IAM, you can pass user attributes, such as cost center, title, or locale, from your IdPs to AWS, and implement fine-grained access permissions based on these attributes. +While we strongly recommend managing human users in IAM Identity Center, you can enable federated principal access with IAM for human users in short-term, small scale deployments. IAM allows you to use separate SAML 2.0 and Open ID Connect (OIDC) IdPs and use federated principal attributes for access control. With IAM, you can pass user attributes, such as cost center, title, or locale, from your IdPs to AWS, and implement fine-grained access permissions based on these attributes.