AWS IAM documentation change
Summary
Updated terminology from 'federated user' to 'SAML or OIDC federated principal' to align with IAM vocabulary
Security assessment
Change clarifies identity types but does not address vulnerabilities or introduce security controls. Terminology alignment doesn't impact security posture.
Diff
diff --git a/IAM/latest/UserGuide/id_roles_use_switch-role-twp.md b/IAM/latest/UserGuide/id_roles_use_switch-role-twp.md index 6ae7b552c..885c45682 100644 --- a//IAM/latest/UserGuide/id_roles_use_switch-role-twp.md +++ b//IAM/latest/UserGuide/id_roles_use_switch-role-twp.md @@ -15 +15 @@ This section describes how to switch roles when you work at the command line wit -Imagine that you have an account in the development environment and you occasionally need to work with the production environment at the command line using the [Tools for Windows PowerShell](http://aws.amazon.com/powershell/). You already have one access key credential set available to you. These can be an access key pair assigned to your standard IAM user. Or, if you signed-in as a federated user, they can be the access key pair for the role initially assigned to you. You can use these credentials to run the `Use-STSRole` cmdlet that passes the ARN of a new role as a parameter. The command returns temporary security credentials for the requested role. You can then use those credentials in subsequent PowerShell commands with the role's permissions to access resources in production. While you use the role, you cannot use your user permissions in the Development account because only one set of permissions is in effect at a time. +Imagine that you have an account in the development environment and you occasionally need to work with the production environment at the command line using the [Tools for Windows PowerShell](http://aws.amazon.com/powershell/). You already have one access key credential set available to you. These can be an access key pair assigned to your standard IAM user. Or, if you signed-in as a SAML or OIDC federated principal, they can be the access key pair for the role initially assigned to you. You can use these credentials to run the `Use-STSRole` cmdlet that passes the ARN of a new role as a parameter. The command returns temporary security credentials for the requested role. You can then use those credentials in subsequent PowerShell commands with the role's permissions to access resources in production. While you use the role, you cannot use your user permissions in the Development account because only one set of permissions is in effect at a time.