AWS Security ChangesHomeSearch

AWS IAM documentation change

Service: IAM · 2025-06-19 · Documentation low

File: IAM/latest/UserGuide/reference_policies_condition-keys.md

Summary

Formatting changes for condition keys, removed redundant contents sections, and updated key name formatting

Security assessment

Primarily documentation formatting improvements and structural changes. No new security content added or vulnerabilities addressed. Changes to key formatting (backticks) improve readability but don't affect security posture.

Diff

diff --git a/IAM/latest/UserGuide/reference_policies_condition-keys.md b/IAM/latest/UserGuide/reference_policies_condition-keys.md
index 8f5c3f17a..eec276173 100644
--- a//IAM/latest/UserGuide/reference_policies_condition-keys.md
+++ b//IAM/latest/UserGuide/reference_policies_condition-keys.md
@@ -33 +33 @@ Properties of the principal | Properties of a role session | Properties of the n
-aws:PrincipalArn aws:PrincipalAccount aws:PrincipalOrgPaths aws:PrincipalOrgID aws:PrincipalTag/tag-key aws:PrincipalIsAWSService aws:PrincipalServiceName aws:PrincipalServiceNamesList aws:PrincipalType aws:userid aws:username |  aws:AssumedRoot aws:FederatedProvider aws:TokenIssueTime aws:MultiFactorAuthAge aws:MultiFactorAuthPresent aws:ChatbotSourceArn aws:Ec2InstanceSourceVpc aws:Ec2InstanceSourcePrivateIPv4 aws:SourceIdentity ec2:RoleDelivery ec2:SourceInstanceArn glue:RoleAssumedBy glue:CredentialIssuingService lambda:SourceFunctionArn ssm:SourceInstanceArn identitystore:UserId |  aws:SourceIp aws:SourceVpc aws:SourceVpce aws:VpcSourceIp |  aws:ResourceAccount aws:ResourceOrgID aws:ResourceOrgPaths aws:ResourceTag/tag-key |  aws:CalledVia aws:CalledViaFirst aws:CalledViaLast aws:ViaAWSService aws:CurrentTime aws:EpochTime aws:referer aws:RequestedRegion aws:RequestTag/tag-key aws:TagKeys aws:SecureTransport aws:SourceAccount aws:SourceArn aws:SourceOrgID aws:SourceOrgPaths aws:UserAgent  
+`aws:PrincipalArn` `aws:PrincipalAccount` `aws:PrincipalOrgPaths` `aws:PrincipalOrgID` `aws:PrincipalTag/tag-key` `aws:PrincipalIsAWSService` `aws:PrincipalServiceName` `aws:PrincipalServiceNamesList` `aws:PrincipalType` `aws:userid` `aws:username` |  `aws:AssumedRoot` `aws:FederatedProvider` `aws:TokenIssueTime` `aws:MultiFactorAuthAge` `aws:MultiFactorAuthPresent` `aws:ChatbotSourceArn` `aws:Ec2InstanceSourceVpc` `aws:Ec2InstanceSourcePrivateIPv4` `aws:SourceIdentity` `ec2:RoleDelivery` `ec2:SourceInstanceArn` `glue:RoleAssumedBy` `glue:CredentialIssuingService` `lambda:SourceFunctionArn` `ssm:SourceInstanceArn` `identitystore:UserId` |  `aws:SourceIp` `aws:SourceVpc` `aws:SourceVpce` `aws:VpcSourceIp` |  `aws:ResourceAccount` `aws:ResourceOrgID` `aws:ResourceOrgPaths` `aws:ResourceTag/tag-key` |  `aws:CalledVia` `aws:CalledViaFirst` `aws:CalledViaLast` `aws:ViaAWSService` `aws:CurrentTime` `aws:EpochTime` `aws:referer` `aws:RequestedRegion` `aws:RequestTag/tag-key` `aws:TagKeys` `aws:SecureTransport` `aws:SourceAccount` `aws:SourceArn` `aws:SourceOrgID` `aws:SourceOrgPaths` `aws:UserAgent`  
@@ -39 +39 @@ The following condition keys are considered sensitive because their values are m
-  * aws:PrincipalAccount
+  * `aws:PrincipalAccount`
@@ -41 +41 @@ The following condition keys are considered sensitive because their values are m
-  * aws:PrincipalOrgID
+  * `aws:PrincipalOrgID`
@@ -43 +43 @@ The following condition keys are considered sensitive because their values are m
-  * aws:ResourceAccount
+  * `aws:ResourceAccount`
@@ -45 +45 @@ The following condition keys are considered sensitive because their values are m
-  * aws:ResourceOrgID
+  * `aws:ResourceOrgID`
@@ -47 +47 @@ The following condition keys are considered sensitive because their values are m
-  * aws:SourceAccount
+  * `aws:SourceAccount`
@@ -49 +49 @@ The following condition keys are considered sensitive because their values are m
-  * aws:SourceOrgID
+  * `aws:SourceOrgID`
@@ -51 +51 @@ The following condition keys are considered sensitive because their values are m
-  * aws:SourceVpc
+  * `aws:SourceVpc`
@@ -53 +53 @@ The following condition keys are considered sensitive because their values are m
-  * aws:SourceVpce
+  * `aws:SourceVpce`
@@ -62,27 +61,0 @@ Use the following condition keys to compare details about the principal making t
-###### Contents
-
-  * [aws:PrincipalArn](./reference_policies_condition-keys.html#condition-keys-principalarn)
-
-  * [aws:PrincipalAccount](./reference_policies_condition-keys.html#condition-keys-principalaccount)
-
-  * [aws:PrincipalOrgPaths](./reference_policies_condition-keys.html#condition-keys-principalorgpaths)
-
-  * [aws:PrincipalOrgID](./reference_policies_condition-keys.html#condition-keys-principalorgid)
-
-  * [aws:PrincipalTag/tag-key](./reference_policies_condition-keys.html#condition-keys-principaltag)
-
-  * [aws:PrincipalIsAWSService](./reference_policies_condition-keys.html#condition-keys-principalisawsservice)
-
-  * [aws:PrincipalServiceName](./reference_policies_condition-keys.html#condition-keys-principalservicename)
-
-  * [aws:PrincipalServiceNamesList](./reference_policies_condition-keys.html#condition-keys-principalservicenameslist)
-
-  * [aws:PrincipalType](./reference_policies_condition-keys.html#condition-keys-principaltype)
-
-  * [aws:userid](./reference_policies_condition-keys.html#condition-keys-userid)
-
-  * [aws:username](./reference_policies_condition-keys.html#condition-keys-username)
-
-
-
-
@@ -265 +238 @@ For more information about AWS Organizations, see [What Is AWS Organizations?](h
-### aws:PrincipalTag/_tag-key_
+### aws:PrincipalTag/tag-key
@@ -458,37 +430,0 @@ A [role](./reference_policies_elements_principal.html#principal-roles) is a type
-###### Contents
-
-  * [aws:AssumedRoot](./reference_policies_condition-keys.html#condition-keys-assumedroot)
-
-  * [aws:FederatedProvider](./reference_policies_condition-keys.html#condition-keys-federatedprovider)
-
-  * [aws:TokenIssueTime](./reference_policies_condition-keys.html#condition-keys-tokenissuetime)
-
-  * [aws:MultiFactorAuthAge](./reference_policies_condition-keys.html#condition-keys-multifactorauthage)
-
-  * [aws:MultiFactorAuthPresent](./reference_policies_condition-keys.html#condition-keys-multifactorauthpresent)
-
-  * [aws:ChatbotSourceArn](./reference_policies_condition-keys.html#condition-keys-chatbotsourcearn)
-
-  * [aws:Ec2InstanceSourceVpc](./reference_policies_condition-keys.html#condition-keys-ec2instancesourcevpc)
-
-  * [aws:Ec2InstanceSourcePrivateIPv4](./reference_policies_condition-keys.html#condition-keys-ec2instancesourceprivateip4)
-
-  * [aws:SourceIdentity](./reference_policies_condition-keys.html#condition-keys-sourceidentity)
-
-  * [ec2:RoleDelivery](./reference_policies_condition-keys.html#condition-keys-ec2-role-delivery)
-
-  * [ec2:SourceInstanceArn](./reference_policies_condition-keys.html#condition-keys-ec2-source-instance-arn)
-
-  * [glue:RoleAssumedBy](./reference_policies_condition-keys.html#condition-keys-glue-role-assumed-by)
-
-  * [glue:CredentialIssuingService](./reference_policies_condition-keys.html#condition-keys-glue-credential-issuing)
-
-  * [lambda:SourceFunctionArn](./reference_policies_condition-keys.html#condition-keys-lambda-source-function-arn)
-
-  * [ssm:SourceInstanceArn](./reference_policies_condition-keys.html#condition-keys-ssm-source-instance-arn)
-
-  * [identitystore:UserId](./reference_policies_condition-keys.html#condition-keys-identity-store-user-id)
-
-
-
-
@@ -1072,13 +1007,0 @@ Use the following condition keys to compare details about the network that the r
-###### Contents
-
-  * [aws:SourceIp](./reference_policies_condition-keys.html#condition-keys-sourceip)
-
-  * [aws:SourceVpc](./reference_policies_condition-keys.html#condition-keys-sourcevpc)
-
-  * [aws:SourceVpce](./reference_policies_condition-keys.html#condition-keys-sourcevpce)
-
-  * [aws:VpcSourceIp](./reference_policies_condition-keys.html#condition-keys-vpcsourceip)
-
-
-
-
@@ -1241,13 +1163,0 @@ Use the following condition keys to compare details about the resource that is t
-###### Contents
-
-  * [aws:ResourceAccount](./reference_policies_condition-keys.html#condition-keys-resourceaccount)
-
-  * [aws:ResourceOrgPaths](./reference_policies_condition-keys.html#condition-keys-resourceorgpaths)
-
-  * [aws:ResourceOrgID](./reference_policies_condition-keys.html#condition-keys-resourceorgid)
-
-  * [aws:ResourceTag/tag-key](./reference_policies_condition-keys.html#condition-keys-resourcetag)
-
-
-
-
@@ -1641 +1551 @@ In the following video, learn more about how you might use the `aws:ResourceOrgI
-### aws:ResourceTag/_tag-key_
+### aws:ResourceTag/tag-key
@@ -1666,37 +1575,0 @@ Use the following condition keys to compare details about the request itself and
-###### Contents
-
-  * [aws:CalledVia](./reference_policies_condition-keys.html#condition-keys-calledvia)
-
-  * [aws:CalledViaFirst](./reference_policies_condition-keys.html#condition-keys-calledviafirst)
-
-  * [aws:CalledViaLast](./reference_policies_condition-keys.html#condition-keys-calledvialast)
-
-  * [aws:ViaAWSService](./reference_policies_condition-keys.html#condition-keys-viaawsservice)
-
-  * [aws:CurrentTime](./reference_policies_condition-keys.html#condition-keys-currenttime)
-
-  * [aws:EpochTime](./reference_policies_condition-keys.html#condition-keys-epochtime)
-
-  * [aws:referer](./reference_policies_condition-keys.html#condition-keys-referer)
-
-  * [aws:RequestedRegion](./reference_policies_condition-keys.html#condition-keys-requestedregion)
-
-  * [aws:RequestTag/tag-key](./reference_policies_condition-keys.html#condition-keys-requesttag)
-
-  * [aws:TagKeys](./reference_policies_condition-keys.html#condition-keys-tagkeys)
-
-  * [aws:SecureTransport](./reference_policies_condition-keys.html#condition-keys-securetransport)
-
-  * [aws:SourceAccount](./reference_policies_condition-keys.html#condition-keys-sourceaccount)
-
-  * [aws:SourceArn](./reference_policies_condition-keys.html#condition-keys-sourcearn)
-
-  * [aws:SourceOrgID](./reference_policies_condition-keys.html#condition-keys-sourceorgid)
-
-  * [aws:SourceOrgPaths](./reference_policies_condition-keys.html#condition-keys-sourceorgpaths)
-
-  * [aws:UserAgent](./reference_policies_condition-keys.html#condition-keys-useragent)
-
-
-
-
@@ -1966 +1839 @@ You can use this context key to limit access to AWS services within a given set
-### aws:RequestTag/_tag-key_
+### aws:RequestTag/tag-key