AWS Security ChangesHomeSearch

AWS systems-manager medium security documentation change

Service: systems-manager · 2025-06-19 · Security-related medium

File: systems-manager/latest/userguide/systems-manager-just-in-time-node-access-setting-up.md

Summary

Added authentication support details specifying STS AssumeRole requirements

Security assessment

Clarifying that only temporary STS credentials are supported enforces secure authentication practices, reducing risks associated with long-term credentials.

Diff

diff --git a/systems-manager/latest/userguide/systems-manager-just-in-time-node-access-setting-up.md b/systems-manager/latest/userguide/systems-manager-just-in-time-node-access-setting-up.md
index 2d0238c33..198b4fa5c 100644
--- a//systems-manager/latest/userguide/systems-manager-just-in-time-node-access-setting-up.md
+++ b//systems-manager/latest/userguide/systems-manager-just-in-time-node-access-setting-up.md
@@ -14,0 +15,17 @@ Setting up just-in-time node access doesn't affect existing IAM policies or pref
+###### Authentication support
+
+Note the following details about authentication support used for just-in-time node access:
+
+  * Just-in-time node access doesn't support the Single Sign-On authentication type when connecting to Windows Server instances with Remote Desktop.
+
+  * Only AWS Security Token Service (AWS STS) `AssumeRole` temporary security credentials are supported. For more information, see the following topics in the _IAM User Guide_ : 
+
+  *     * [Temporary security credentials in IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html)
+
+    * [Comparing AWS STS credentials](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_sts-comparison.html)
+
+    * [Requesting temporary security credentials](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
+
+
+
+