AWS code-library documentation change
Summary
Added PowerShell V5 example for GetFederationToken with policy scoping and permission boundaries
Security assessment
Explains security controls around federated tokens and permission intersection policies, but does not indicate any specific security issue being resolved. This is a documentation improvement for existing security features.
Diff
diff --git a/code-library/latest/ug/sts_example_sts_GetFederationToken_section.md b/code-library/latest/ug/sts_example_sts_GetFederationToken_section.md index accbd1da8..9d8887b33 100644 --- a//code-library/latest/ug/sts_example_sts_GetFederationToken_section.md +++ b//code-library/latest/ug/sts_example_sts_GetFederationToken_section.md @@ -102,0 +103,14 @@ PowerShell +**Tools for PowerShell V5** + + +**Example 1: Requests a federated token valid for one hour using "Bob" as the name of the federated user. This name can be used to reference the federated user name in a resource-based policy (such as an Amazon S3 bucket policy). The supplied IAM policy, in JSON format, is used to scope down the permissions that are available to the IAM user. The supplied policy cannot grant more permissions than those granted to the requesting user, with the final permissions for the federated user being the most restrictive set based on the intersection of the passed policy and the IAM user policy.** + + + Get-STSFederationToken -Name "Bob" -Policy "...JSON policy..." -DurationInSeconds 3600 + + + * For API details, see [GetFederationToken](https://docs.aws.amazon.com/powershell/v5/reference) in _AWS Tools for PowerShell Cmdlet Reference (V5)_. + + + +