AWS IAM documentation change
Summary
Updated terminology from 'federated users' to 'roles and federated principals' or 'users' throughout documentation to broaden scope and align with IAM concepts
Security assessment
Changes focus on terminology clarification rather than addressing security vulnerabilities. No evidence of patching vulnerabilities or mitigating risks. Updates improve accuracy of entity types (users vs principals) but don't introduce security controls.
Diff
diff --git a/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.md b/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.md index 0c3e131c9..77f34de66 100644 --- a//IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.md +++ b//IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.md @@ -13 +13 @@ You can write and run code to create a URL that lets users who sign in to your o -If your organization uses an identity provider (IdP) that is compatible with SAML, you can set up access to the console without writing code. This works with providers like Microsoft's Active Directory Federation Services or open-source Shibboleth. For details, see [Enabling SAML 2.0 federated users to access the AWS Management Console](./id_roles_providers_enable-console-saml.html). +If your organization uses an identity provider (IdP) that is compatible with SAML, you can set up access to the console without writing code. This works with providers like Microsoft's Active Directory Federation Services or open-source Shibboleth. For details, see [Enabling SAML 2.0 federated princpals to access the AWS Management Console](./id_roles_providers_enable-console-saml.html). @@ -71 +71 @@ To complete these tasks, you can use the [HTTPS Query API for AWS Identity and A -You can construct a URL that gives your federated users direct access to the AWS Management Console. This task uses the IAM and AWS STS HTTPS Query API. For more information about making query requests, see [Making Query Requests](https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html). +You can construct a URL that gives roles and federated principals direct access to the AWS Management Console. This task uses the IAM and AWS STS HTTPS Query API. For more information about making query requests, see [Making Query Requests](https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html). @@ -77 +77 @@ The following procedure contains examples of text strings. To enhance readabilit -###### To give a federated user access to your resources from the AWS Management Console +###### To give roles and federated principals access to your resources from the AWS Management Console @@ -154 +154 @@ AWS supports POST requests here. -Finally, create the URL that your federated users can use to access the AWS Management Console. The URL is the same federation URL endpoint that you used in Step 5, plus the following parameters: +Finally, create the URL that your users can use to access the AWS Management Console. The URL is the same federation URL endpoint that you used in Step 5, plus the following parameters: @@ -188 +188 @@ The following example shows what the final URL might look like. The URL is valid -The following examples show how to use Python to programmatically construct a URL that gives federated users direct access to the AWS Management Console. There are two examples: +The following examples show how to use Python to programmatically construct a URL that gives users direct access to the AWS Management Console. There are two examples: @@ -211 +211 @@ Do not include `SessionDuration` if your `AssumeRoleSession` credentials are fro - # call "AssumeRole" to get temporary access keys for the federated user + # call "AssumeRole" to get temporary access keys for the role or federated principal @@ -275 +275 @@ Do not include `SessionDuration` if your `AssumeRoleSession` credentials are fro - # call "AssumeRole" to get temporary access keys for the federated user + # call "AssumeRole" to get temporary access keys for the role or federated principal @@ -353 +353 @@ Do not include `SessionDuration` if your `AssumeRoleSession` credentials are fro -The following example shows how to use Java to programmatically construct a URL that gives federated users direct access to the AWS Management Console. The following code snippet uses the [AWS SDK for Java](http://aws.amazon.com/documentation/sdkforjava/). +The following example shows how to use Java to programmatically construct a URL that gives users direct access to the AWS Management Console. The following code snippet uses the [AWS SDK for Java](http://aws.amazon.com/documentation/sdkforjava/). @@ -456 +456 @@ The following example shows how to use Java to programmatically construct a URL -The following example shows how to use Ruby to programmatically construct a URL that gives federated users direct access to the AWS Management Console. This code snippet uses the [AWS SDK for Ruby](http://aws.amazon.com/documentation/sdkforruby/). +The following example shows how to use Ruby to programmatically construct a URL that gives users direct access to the AWS Management Console. This code snippet uses the [AWS SDK for Ruby](http://aws.amazon.com/documentation/sdkforruby/).