AWS Security ChangesHomeSearch

AWS IAM documentation change

Service: IAM · 2025-06-13 · Documentation low

File: IAM/latest/UserGuide/troubleshoot_access-denied.md

Summary

Updated terminology from 'federated user' to 'AWS STS federated user principal' for clarity in session policy documentation

Security assessment

Clarifies security-relevant session policy mechanics but doesn't address a specific vulnerability. Improves understanding of security controls without patching issues.

Diff

diff --git a/IAM/latest/UserGuide/troubleshoot_access-denied.md b/IAM/latest/UserGuide/troubleshoot_access-denied.md
index 5afccd3dc..063719b10 100644
--- a//IAM/latest/UserGuide/troubleshoot_access-denied.md
+++ b//IAM/latest/UserGuide/troubleshoot_access-denied.md
@@ -72 +72 @@ In this case, Mateo must ask his administrator to update his policies to allow a
-  * If you are a federated user, your session might be limited by session policies. You become a federated user by signing in to AWS as an IAM user and then requesting a federation token. For more information about federated users, see [Requesting credentials through a custom identity broker](./id_credentials_temp_request.html#api_getfederationtoken). If you or your identity broker passed session policies while requesting a federation token, then your session is limited by those policies. The resulting session's permissions are the intersection of your IAM user identity-based policies and the session policies. For more information about session policies, see [Session policies](./access_policies.html#policies_session).
+  * If you are an AWS STS federated user principal, your session might be limited by session policies. You create a federated user session by signing in to AWS as an IAM user and then requesting a federation token. For more information, see [Requesting credentials through a custom identity broker](./id_credentials_temp_request.html#api_getfederationtoken). If you or your identity broker passed session policies while requesting a federation token, then your session is limited by those policies. The resulting session's permissions are the intersection of your IAM user identity-based policies and the session policies. For more information about session policies, see [Session policies](./access_policies.html#policies_session).