AWS IAM documentation change
Summary
Added PowerShell V5 example for GetFederationToken with policy scope limitations
Security assessment
The example demonstrates security-conscious federation token usage by emphasizing policy intersection principles to prevent privilege escalation through token abuse
Diff
diff --git a/IAM/latest/UserGuide/sts_example_sts_GetFederationToken_section.md b/IAM/latest/UserGuide/sts_example_sts_GetFederationToken_section.md index 447088ce3..36436d954 100644 --- a//IAM/latest/UserGuide/sts_example_sts_GetFederationToken_section.md +++ b//IAM/latest/UserGuide/sts_example_sts_GetFederationToken_section.md @@ -100,0 +101,14 @@ PowerShell +**Tools for PowerShell V5** + + +**Example 1: Requests a federated token valid for one hour using "Bob" as the name of the federated user. This name can be used to reference the federated user name in a resource-based policy (such as an Amazon S3 bucket policy). The supplied IAM policy, in JSON format, is used to scope down the permissions that are available to the IAM user. The supplied policy cannot grant more permissions than those granted to the requesting user, with the final permissions for the federated user being the most restrictive set based on the intersection of the passed policy and the IAM user policy.** + + + Get-STSFederationToken -Name "Bob" -Policy "...JSON policy..." -DurationInSeconds 3600 + + + * For API details, see [GetFederationToken](https://docs.aws.amazon.com/powershell/v5/reference) in _AWS Tools for PowerShell Cmdlet Reference (V5)_. + + + +