AWS IAM documentation change
Summary
Added guidance advising against including personally identifying information in IAM user names due to their appearance in ARNs
Security assessment
The change adds security documentation about protecting sensitive information by avoiding PII in IAM names. While not addressing a specific vulnerability, it provides security best practices guidance.
Diff
diff --git a/IAM/latest/UserGuide/id_users.md b/IAM/latest/UserGuide/id_users.md index 3fcb8d0e2..f653dcf9b 100644 --- a//IAM/latest/UserGuide/id_users.md +++ b//IAM/latest/UserGuide/id_users.md @@ -21 +21 @@ When you create an IAM user, IAM creates these ways to identify that user: - * A "friendly name" for the IAM user, which is the name that you specified when you created the IAM user, such as `Richard` or `Anaya`. These are the names you see in the AWS Management Console. + * A "friendly name" for the IAM user, which is the name that you specified when you created the IAM user, such as `Richard` or `Anaya`. These are the names you see in the AWS Management Console. Because IAM user names appear in Amazon Resource Names (ARNs), we do not recommend including personally identifying information in the IAM name. Refer to [IAM name requirements](./reference_iam-quotas.html#reference_iam-quotas-names) for requirements and restrictions for IAM names.