AWS Security ChangesHomeSearch

AWS IAM documentation change

Service: IAM · 2025-06-13 · Documentation low

File: IAM/latest/UserGuide/reference_policies_iam-condition-keys.md

Summary

Changed 'federated users' to 'federated principals' in OIDC condition keys explanation

Security assessment

Terminology update to use 'principal' instead of 'user' in policy context. The security controls and guidance remain functionally identical, only language consistency is improved.

Diff

diff --git a/IAM/latest/UserGuide/reference_policies_iam-condition-keys.md b/IAM/latest/UserGuide/reference_policies_iam-condition-keys.md
index 8e152142c..4d3c87114 100644
--- a//IAM/latest/UserGuide/reference_policies_iam-condition-keys.md
+++ b//IAM/latest/UserGuide/reference_policies_iam-condition-keys.md
@@ -340 +340 @@ You can use OIDC federation to give temporary security credentials to users who
-You can use AWS OIDC condition context keys to write policies that limit the access of federated users to resources that are associated with a specific provider, app, or user. These keys are typically used in the trust policy for a role. Define condition keys using the name of the OIDC provider (`token.actions.githubusercontent.com`) followed by a claim (`:aud`): `**token.actions.githubusercontent.com:aud**`.
+You can use AWS OIDC condition context keys to write policies that limit the access of federated principals to resources that are associated with a specific provider, app, or user. These keys are typically used in the trust policy for a role. Define condition keys using the name of the OIDC provider (`token.actions.githubusercontent.com`) followed by a claim (`:aud`): `**token.actions.githubusercontent.com:aud**`.