AWS systems-manager medium security documentation change
Summary
Added authentication support details specifying STS AssumeRole requirements
Security assessment
Clarifying that only temporary STS credentials are supported enforces secure authentication practices, reducing risks associated with long-term credentials.
Diff
diff --git a/systems-manager/latest/userguide/systems-manager-just-in-time-node-access-setting-up.md b/systems-manager/latest/userguide/systems-manager-just-in-time-node-access-setting-up.md index 2d0238c33..198b4fa5c 100644 --- a//systems-manager/latest/userguide/systems-manager-just-in-time-node-access-setting-up.md +++ b//systems-manager/latest/userguide/systems-manager-just-in-time-node-access-setting-up.md @@ -14,0 +15,17 @@ Setting up just-in-time node access doesn't affect existing IAM policies or pref +###### Authentication support + +Note the following details about authentication support used for just-in-time node access: + + * Just-in-time node access doesn't support the Single Sign-On authentication type when connecting to Windows Server instances with Remote Desktop. + + * Only AWS Security Token Service (AWS STS) `AssumeRole` temporary security credentials are supported. For more information, see the following topics in the _IAM User Guide_ : + + * * [Temporary security credentials in IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html) + + * [Comparing AWS STS credentials](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_sts-comparison.html) + + * [Requesting temporary security credentials](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) + + + +