AWS Security ChangesHomeSearch

AWS IAM documentation change

Service: IAM · 2025-06-13 · Documentation low

File: IAM/latest/UserGuide/introduction.md

Summary

Replaced 'federated user' with 'AWS STS federated principal' in authentication flow description

Security assessment

This change aligns terminology with technical implementation details (AWS STS) but does not indicate any security vulnerability being addressed. The modification enhances documentation precision regarding federated access types without introducing new security features or addressing known risks.

Diff

diff --git a/IAM/latest/UserGuide/introduction.md b/IAM/latest/UserGuide/introduction.md
index 3dcea5f7f..31ecce1e2 100644
--- a//IAM/latest/UserGuide/introduction.md
+++ b//IAM/latest/UserGuide/introduction.md
@@ -17 +17 @@ Use IAM to set up other identities in addition to your root user, such as admini
-After a user is set up in IAM, they use their sign-in credentials to authenticate with AWS. Authentication is provided by matching the sign-in credentials to a principal (an IAM user, federated user, IAM role, or application) trusted by the AWS account. Next, a request is made to grant the principal access to resources. Access is granted in response to an authorization request if the user has been given permission to the resource. For example, when you first sign in to the console and are on the console Home page, you aren't accessing a specific service. When you select a service, the request for authorization is sent to that service and it looks to see if your identity is on the list of authorized users, what policies are being enforced to control the level of access granted, and any other policies that might be in effect. Authorization requests can be made by principals within your AWS account or from another AWS account that you trust.
+After a user is set up in IAM, they use their sign-in credentials to authenticate with AWS. Authentication is provided by matching the sign-in credentials to a principal (an IAM user, AWS STS federated principal, IAM role, or application) trusted by the AWS account. Next, a request is made to grant the principal access to resources. Access is granted in response to an authorization request if the user has been given permission to the resource. For example, when you first sign in to the console and are on the console Home page, you aren't accessing a specific service. When you select a service, the request for authorization is sent to that service and it looks to see if your identity is on the list of authorized users, what policies are being enforced to control the level of access granted, and any other policies that might be in effect. Authorization requests can be made by principals within your AWS account or from another AWS account that you trust.