AWS IAM documentation change
Summary
Changed example username from 'ShirleyRodriguez' to 'Shirley' in permissions boundary documentation
Security assessment
This change only simplifies an example username in documentation. The security concepts and permissions boundary implementation details remain unchanged, with no evidence of addressing vulnerabilities or modifying security features.
Diff
diff --git a/IAM/latest/UserGuide/access_policies_boundaries.md b/IAM/latest/UserGuide/access_policies_boundaries.md index 8167669b2..0bcc40e62 100644 --- a//IAM/latest/UserGuide/access_policies_boundaries.md +++ b//IAM/latest/UserGuide/access_policies_boundaries.md @@ -19 +19 @@ You can use an AWS managed policy or a customer managed policy to set the bounda -For example, assume that the IAM user named `ShirleyRodriguez` should be allowed to manage only Amazon S3, Amazon CloudWatch, and Amazon EC2. To enforce this rule, you can use the following policy to set the permissions boundary for the `ShirleyRodriguez` user: +For example, assume that the IAM user named `Shirley` should be allowed to manage only Amazon S3, Amazon CloudWatch, and Amazon EC2. To enforce this rule, you can use the following policy to set the permissions boundary for the `Shirley` user: @@ -37 +37 @@ For example, assume that the IAM user named `ShirleyRodriguez` should be allowed -When you use a policy to set the permissions boundary for a user, it limits the user's permissions but does not provide permissions on its own. In this example, the policy sets the maximum permissions of `ShirleyRodriguez` as all operations in Amazon S3, CloudWatch, and Amazon EC2. Shirley can never perform operations in any other service, including IAM, even if she has a permissions policy that allows it. For example, you can add the following policy to the `ShirleyRodriguez` user: +When you use a policy to set the permissions boundary for a user, it limits the user's permissions but does not provide permissions on its own. In this example, the policy sets the maximum permissions of `Shirley` as all operations in Amazon S3, CloudWatch, and Amazon EC2. Shirley can never perform operations in any other service, including IAM, even if she has a permissions policy that allows it. For example, you can add the following policy to the `Shirley` user: @@ -49 +49 @@ When you use a policy to set the permissions boundary for a user, it limits the -This policy allows creating a user in IAM. If you attach this permissions policy to the `ShirleyRodriguez` user, and Shirley tries to create a user, the operation fails. It fails because the permissions boundary does not allow the `iam:CreateUser` operation. Given these two policies, Shirley does not have permission to perform any operations in AWS. You must add a different permissions policy to allow actions in other services, such as Amazon S3. Alternatively, you could update the permissions boundary to allow her to create a user in IAM. +This policy allows creating a user in IAM. If you attach this permissions policy to the `Shirley` user, and Shirley tries to create a user, the operation fails. It fails because the permissions boundary does not allow the `iam:CreateUser` operation. Given these two policies, Shirley does not have permission to perform any operations in AWS. You must add a different permissions policy to allow actions in other services, such as Amazon S3. Alternatively, you could update the permissions boundary to allow her to create a user in IAM.