AWS IAM documentation change
Summary
Minor terminology updates changing 'federated user' to 'federated user principal' and adding 'session' qualifier in session policy context
Security assessment
Changes improve consistency in principal/session terminology but do not introduce new security information or address vulnerabilities. Maintains existing documentation about session policy behavior without altering security implications.
Diff
diff --git a/IAM/latest/UserGuide/reference_policies_evaluation-logic_policy-eval-reqcontext.md b/IAM/latest/UserGuide/reference_policies_evaluation-logic_policy-eval-reqcontext.md index a749c82cc..96bac093b 100644 --- a//IAM/latest/UserGuide/reference_policies_evaluation-logic_policy-eval-reqcontext.md +++ b//IAM/latest/UserGuide/reference_policies_evaluation-logic_policy-eval-reqcontext.md @@ -11 +11 @@ When AWS evaluates and authorizes a request, it assembles the request informatio - * **Principal** – The user, role, or federated user that sent the request. Information about the principal includes the policies that are associated with that principal. + * **Principal** – The user, role, or federated user principal that sent the request. Information about the principal includes the policies that are associated with that principal. @@ -104 +104 @@ How AWS evaluates policies depends on the types of policies that apply to the re - * **Session policies** – Session policies are policies that you pass as parameters when you programmatically create a temporary session for a role or federated user. To create a role session programmatically, use one of the `AssumeRole*` API operations. When you do this and pass session policies, the resulting session's permissions are the intersection of the IAM entity's identity-based policy and the session policies. To create a federated user session, you use the IAM user access keys to programmatically call the `GetFederationToken` API operation. For more information, see [Session policies](./access_policies.html#policies_session). + * **Session policies** – Session policies are policies that you pass as parameters when you programmatically create a temporary session for a role or federated user session. To create a role session programmatically, use one of the `AssumeRole*` API operations. When you do this and pass session policies, the resulting session's permissions are the intersection of the IAM entity's identity-based policy and the session policies. To create a federated user session, you use the IAM user access keys to programmatically call the `GetFederationToken` API operation. For more information, see [Session policies](./access_policies.html#policies_session).