AWS Security ChangesHomeSearch

AWS IAM documentation change

Service: IAM · 2025-06-13 · Documentation low

File: IAM/latest/UserGuide/intro-managing-iam.md

Summary

Updated references from 'federated users' to 'federated principals' and added protocol specificity (OIDC/SAML)

Security assessment

Terminology updates for consistency with IAM concepts. No security implications - maintains existing guidance about temporary credentials best practices.

Diff

diff --git a/IAM/latest/UserGuide/intro-managing-iam.md b/IAM/latest/UserGuide/intro-managing-iam.md
index cf60b5cc5..6b3dd46cf 100644
--- a//IAM/latest/UserGuide/intro-managing-iam.md
+++ b//IAM/latest/UserGuide/intro-managing-iam.md
@@ -19 +19 @@ The AWS Management Console is a web application that comprises and refers to a b
-If you plan to have people using the AWS Management Console to manage AWS resources, we recommend configuring users with temporary credentials as a security [best practice](./best-practices.html). IAM users that have assumed a role, federated users, and users in IAM Identity Center have temporary credentials, while the IAM user and root user have long-term credentials. Root user credentials provide full access to the AWS account, while other users have credentials that provide access to the resources granted them by IAM policies.
+If you plan to have people using the AWS Management Console to manage AWS resources, we recommend configuring users with temporary credentials as a security [best practice](./best-practices.html). IAM users that have assumed a role, federated principals, and users in IAM Identity Center have temporary credentials, while the IAM user and root user have long-term credentials. Root user credentials provide full access to the AWS account, while other users have credentials that provide access to the resources granted them by IAM policies.
@@ -37 +37 @@ Sign out of the console when you finish your session to prevent reuse of your pr
-  * Federated users managed in an external identity provider linked to an AWS account sign-in using a custom enterprise access portal. The AWS resources available to federated users are dependent upon the policies selected by their organization.
+  * OIDC and SAML federated principals managed in an external identity provider linked to an AWS account sign-in using a custom enterprise access portal. The AWS resources available to users are dependent upon the policies selected by their organization.