AWS Security ChangesHomeSearch

AWS IAM documentation change

Service: IAM · 2025-06-13 · Documentation low

File: IAM/latest/UserGuide/reference_policies_evaluation-logic_policy-eval-reqcontext.md

Summary

Minor terminology updates changing 'federated user' to 'federated user principal' and adding 'session' qualifier in session policy context

Security assessment

Changes improve consistency in principal/session terminology but do not introduce new security information or address vulnerabilities. Maintains existing documentation about session policy behavior without altering security implications.

Diff

diff --git a/IAM/latest/UserGuide/reference_policies_evaluation-logic_policy-eval-reqcontext.md b/IAM/latest/UserGuide/reference_policies_evaluation-logic_policy-eval-reqcontext.md
index a749c82cc..96bac093b 100644
--- a//IAM/latest/UserGuide/reference_policies_evaluation-logic_policy-eval-reqcontext.md
+++ b//IAM/latest/UserGuide/reference_policies_evaluation-logic_policy-eval-reqcontext.md
@@ -11 +11 @@ When AWS evaluates and authorizes a request, it assembles the request informatio
-  * **Principal** – The user, role, or federated user that sent the request. Information about the principal includes the policies that are associated with that principal. 
+  * **Principal** – The user, role, or federated user principal that sent the request. Information about the principal includes the policies that are associated with that principal. 
@@ -104 +104 @@ How AWS evaluates policies depends on the types of policies that apply to the re
-  * **Session policies** – Session policies are policies that you pass as parameters when you programmatically create a temporary session for a role or federated user. To create a role session programmatically, use one of the `AssumeRole*` API operations. When you do this and pass session policies, the resulting session's permissions are the intersection of the IAM entity's identity-based policy and the session policies. To create a federated user session, you use the IAM user access keys to programmatically call the `GetFederationToken` API operation. For more information, see [Session policies](./access_policies.html#policies_session).
+  * **Session policies** – Session policies are policies that you pass as parameters when you programmatically create a temporary session for a role or federated user session. To create a role session programmatically, use one of the `AssumeRole*` API operations. When you do this and pass session policies, the resulting session's permissions are the intersection of the IAM entity's identity-based policy and the session policies. To create a federated user session, you use the IAM user access keys to programmatically call the `GetFederationToken` API operation. For more information, see [Session policies](./access_policies.html#policies_session).