AWS IAM documentation change
Summary
Updated references from 'federated users' to 'federated principals' and added protocol specificity (OIDC/SAML)
Security assessment
Terminology updates for consistency with IAM concepts. No security implications - maintains existing guidance about temporary credentials best practices.
Diff
diff --git a/IAM/latest/UserGuide/intro-managing-iam.md b/IAM/latest/UserGuide/intro-managing-iam.md index cf60b5cc5..6b3dd46cf 100644 --- a//IAM/latest/UserGuide/intro-managing-iam.md +++ b//IAM/latest/UserGuide/intro-managing-iam.md @@ -19 +19 @@ The AWS Management Console is a web application that comprises and refers to a b -If you plan to have people using the AWS Management Console to manage AWS resources, we recommend configuring users with temporary credentials as a security [best practice](./best-practices.html). IAM users that have assumed a role, federated users, and users in IAM Identity Center have temporary credentials, while the IAM user and root user have long-term credentials. Root user credentials provide full access to the AWS account, while other users have credentials that provide access to the resources granted them by IAM policies. +If you plan to have people using the AWS Management Console to manage AWS resources, we recommend configuring users with temporary credentials as a security [best practice](./best-practices.html). IAM users that have assumed a role, federated principals, and users in IAM Identity Center have temporary credentials, while the IAM user and root user have long-term credentials. Root user credentials provide full access to the AWS account, while other users have credentials that provide access to the resources granted them by IAM policies. @@ -37 +37 @@ Sign out of the console when you finish your session to prevent reuse of your pr - * Federated users managed in an external identity provider linked to an AWS account sign-in using a custom enterprise access portal. The AWS resources available to federated users are dependent upon the policies selected by their organization. + * OIDC and SAML federated principals managed in an external identity provider linked to an AWS account sign-in using a custom enterprise access portal. The AWS resources available to users are dependent upon the policies selected by their organization.