AWS Security ChangesHomeSearch

AWS prescriptive-guidance documentation change

Service: prescriptive-guidance · 2025-06-28 · Documentation low

File: prescriptive-guidance/latest/patterns/automatically-rotate-iam-user-access-keys-at-scale-with-aws-organizations-and-aws-secrets-manager.md

Summary

Formatting changes to Important note and markdown tables, author attribution update

Security assessment

Formatting improvements to existing security best practice guidance. No new security content added - maintains existing warnings about long-term credentials.

Diff

diff --git a/prescriptive-guidance/latest/patterns/automatically-rotate-iam-user-access-keys-at-scale-with-aws-organizations-and-aws-secrets-manager.md b/prescriptive-guidance/latest/patterns/automatically-rotate-iam-user-access-keys-at-scale-with-aws-organizations-and-aws-secrets-manager.md
index 2d06a6089..0722f3d8a 100644
--- a//prescriptive-guidance/latest/patterns/automatically-rotate-iam-user-access-keys-at-scale-with-aws-organizations-and-aws-secrets-manager.md
+++ b//prescriptive-guidance/latest/patterns/automatically-rotate-iam-user-access-keys-at-scale-with-aws-organizations-and-aws-secrets-manager.md
@@ -9 +9 @@ SummaryPrerequisites and limitationsArchitectureToolsEpicsRelated resources
- _Created by Tracy Hickey (AWS), Gaurav Verma (AWS), Laura Seletos (AWS), Michael Davie (AWS), and Arvind Patel (AWS)_
+ _Tracy Hickey, Michael Davie, Arvind Patel, Laura Seletos, and Gaurav Verma, Amazon Web Services_
@@ -13,3 +13 @@ SummaryPrerequisites and limitationsArchitectureToolsEpicsRelated resources
-###### Important
-
-As a [best practice](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#bp-users-federation-idp), AWS recommends that you use AWS Identity and Access Management (IAM) roles instead of IAM users with long-term credentials such as access keys. The approach documented in this pattern is intended only for legacy implementations that require long-lived AWS API credentials. For these implementations, we still recommend that you consider options for using short-term credentials, such as using [Amazon Elastic Compute Cloud (Amazon EC2) instance profiles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html) or [IAM Roles Anywhere](https://docs.aws.amazon.com/rolesanywhere/latest/userguide/introduction.html). The approach in this article is only for cases where you are unable to change to using short-term credentials immediately, and you require long-term credentials to be rotated on a schedule. With this approach, you are responsible for periodically updating your legacy application code or configuration to use the rotated API credentials.  
+Important: As a [best practice](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#bp-users-federation-idp), AWS recommends that you use AWS Identity and Access Management (IAM) roles instead of IAM users with long-term credentials such as access keys. The approach documented in this pattern is intended only for legacy implementations that require long-lived AWS API credentials. For these implementations, we still recommend that you consider options for using short-term credentials, such as using [Amazon Elastic Compute Cloud (Amazon EC2) instance profiles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html) or [IAM Roles Anywhere](https://docs.aws.amazon.com/rolesanywhere/latest/userguide/introduction.html). The approach in this article is only for cases where you are unable to change to using short-term credentials immediately, and you require long-term credentials to be rotated on a schedule. With this approach, you are responsible for periodically updating your legacy application code or configuration to use the rotated API credentials.  
@@ -164 +162 @@ The required AWS CloudFormation templates, Python scripts, and runbook documenta
-**Template**| **Deploy in**| **Notes**  
+Template| Deploy in| Notes