AWS Security ChangesHomeSearch

AWS IAM documentation change

Service: IAM · 2025-06-13 · Documentation low

File: IAM/latest/UserGuide/reference_policies_examples_s3_cognito-bucket.md

Summary

Updated terminology from 'federated user's ID' to 'federated principal ID' and 'federated user home directory' to 'federated principal home directory' for consistency

Security assessment

The changes are terminology updates to use 'principal' instead of 'user' but do not address security vulnerabilities or introduce new security features. This is a documentation consistency improvement.

Diff

diff --git a/IAM/latest/UserGuide/reference_policies_examples_s3_cognito-bucket.md b/IAM/latest/UserGuide/reference_policies_examples_s3_cognito-bucket.md
index 7d9c002d7..f59b61a61 100644
--- a//IAM/latest/UserGuide/reference_policies_examples_s3_cognito-bucket.md
+++ b//IAM/latest/UserGuide/reference_policies_examples_s3_cognito-bucket.md
@@ -7 +7 @@
-This example shows how you might create an identity-based policy that allows Amazon Cognito users to access objects in a specific S3 bucket. This policy allows access only to objects with a name that includes `cognito`, the name of the application, and the federated user's ID, represented by the ${cognito-identity.amazonaws.com:sub} variable. This policy grants the permissions necessary to complete this action programmatically from the AWS API or AWS CLI. To use this policy, replace the `italicized placeholder text` in the example policy with your own information. Then, follow the directions in [create a policy](./access_policies_create.html) or [edit a policy](./access_policies_manage-edit.html).
+This example shows how you might create an identity-based policy that allows Amazon Cognito users to access objects in a specific Amazon S3 bucket. This policy allows access only to objects with a name that includes `cognito`, the name of the application, and the federated principal ID, represented by the ${cognito-identity.amazonaws.com:sub} variable. This policy grants the permissions necessary to complete this action programmatically from the AWS API or AWS CLI. To use this policy, replace the `italicized placeholder text` in the example policy with your own information. Then, follow the directions in [create a policy](./access_policies_create.html) or [edit a policy](./access_policies_manage-edit.html).
@@ -61 +61 @@ RDS: Full access for tag owners
-S3: Access federated user home directory (includes console)
+S3: Access federated principal home directory (includes console)