AWS Security ChangesHomeSearch

AWS IAM documentation change

Service: IAM · 2025-06-13 · Documentation low

File: IAM/latest/UserGuide/id_roles_providers_create_oidc.md

Summary

Updated references from 'federated users' to 'OIDC federated principals' and removed redundant '(federation)' text in links

Security assessment

Terminology updates to match IAM concepts (principal vs user) and cleanup of link formatting. No security vulnerabilities addressed or new security features documented - maintains existing guidance about role-based access control.

Diff

diff --git a/IAM/latest/UserGuide/id_roles_providers_create_oidc.md b/IAM/latest/UserGuide/id_roles_providers_create_oidc.md
index 9dbd5d76c..4848534a6 100644
--- a//IAM/latest/UserGuide/id_roles_providers_create_oidc.md
+++ b//IAM/latest/UserGuide/id_roles_providers_create_oidc.md
@@ -13 +13 @@ You can create and manage an IAM OIDC identity provider using the AWS Management
-After you create an IAM OIDC identity provider, you must create one or more IAM roles. A role is an identity in AWS that doesn't have its own credentials (as a user does). But in this context, a role is dynamically assigned to a federated user that is authenticated by your organization's IdP. The role permits your organization's IdP to request temporary security credentials for access to AWS. The policies assigned to the role determine what the federated users are allowed to do in AWS. To create a role for a third-party identity provider, see [Create a role for a third-party identity provider (federation)](./id_roles_create_for-idp.html).
+After you create an IAM OIDC identity provider, you must create one or more IAM roles. A role is an identity in AWS that doesn't have its own credentials (as a user does). But in this context, a role is dynamically assigned to an OIDC federated principal that is authenticated by your organization's IdP. The role permits your organization's IdP to request temporary security credentials for access to AWS. The policies assigned to the role determine what users are allowed to do in AWS. To create a role for a third-party identity provider, see [Create a role for a third-party identity provider ](./id_roles_create_for-idp.html).
@@ -52 +52 @@ The JSON Web Key Set (JWKS) must contain at least one key and can have a maximum
-     * claims_supported: Information about the user that helps you ensure OIDC authentication responses from your IdP contain the required attributes AWS uses in IAM policies to check permissions for federated users. For a list of IAM condition keys that can be used for claims, see [Available keys for AWS OIDC federation](./reference_policies_iam-condition-keys.html#condition-keys-wif).
+     * claims_supported: Information about the user that helps you ensure OIDC authentication responses from your IdP contain the required attributes AWS uses in IAM policies to check permissions for OIDC federated principals. For a list of IAM condition keys that can be used for claims, see [Available keys for AWS OIDC federation](./reference_policies_iam-condition-keys.html#condition-keys-wif).
@@ -148 +148 @@ The OIDC identity provider's certificate chain must start with the domain or iss
-  9. Assign an IAM role to your identity provider to give external user identities managed by your identity provider permissions to access AWS resources in your account. To learn more about creating roles for identity federation, see [Create a role for a third-party identity provider (federation)](./id_roles_create_for-idp.html).
+  9. Assign an IAM role to your identity provider to give external user identities managed by your identity provider permissions to access AWS resources in your account. To learn more about creating roles for identity federation, see [Create a role for a third-party identity provider ](./id_roles_create_for-idp.html).