AWS odb documentation change
Summary
Updated terminology from 'policy examples' to 'policies' and corrected 'inked' to 'linked' in tenancy reference
Security assessment
Terminology standardization and typo fix without security implications. Clarifies deployment architecture but doesn't introduce security controls
Diff
diff --git a/odb/latest/UserGuide/security-iam.md b/odb/latest/UserGuide/security-iam.md index fc0d40117..9c46fef14 100644 --- a//odb/latest/UserGuide/security-iam.md +++ b//odb/latest/UserGuide/security-iam.md @@ -21 +21 @@ AWS Identity and Access Management (IAM) is an AWS service that helps an adminis - * [Identity-based policy examples for Oracle Database@AWS](./security_iam_id-based-policy-examples.html) + * [Identity-based policies for Oracle Database@AWS](./security_iam_id-based-policy-examples.html) @@ -40 +40 @@ How you use AWS Identity and Access Management (IAM) differs, depending on the w -**IAM administrator** – If you're an IAM administrator, you might want to learn details about how you can write policies to manage access to Oracle Database@AWS. To view example Oracle Database@AWS identity-based policies that you can use in IAM, see [Identity-based policy examples for Oracle Database@AWS](./security_iam_id-based-policy-examples.html). +**IAM administrator** – If you're an IAM administrator, you might want to learn details about how you can write policies to manage access to Oracle Database@AWS. To view example Oracle Database@AWS identity-based policies that you can use in IAM, see [Identity-based policies for Oracle Database@AWS](./security_iam_id-based-policy-examples.html). @@ -148 +148 @@ When multiple types of policies apply to a request, the resulting permissions ar -When you use AWS APIs to create resources for Oracle Database@AWS, those resources logically reside in your inked Oracle Cloud Infrastructure (OCI) tenancy. To deploy these resources, AWS communicates with OCI APIs on your behalf. To mitigate the confused deputy problem, OCI and Oracle Database@AWS use AWS STS as a trusted entity and forward access sessions to authorize your intent to use OCI APIs in your linked tenancy. Consequently, events are recorded for the `sts:getCallerIdentity` API from OCI IP space in your AWS CloudTrail trails and events history. Expect these events when you use Oracle Database@AWS APIs. +When you use AWS APIs to create resources for Oracle Database@AWS, those resources logically reside in your linked Oracle Cloud Infrastructure (OCI) tenancy. To deploy these resources, AWS communicates with OCI APIs on your behalf. To mitigate the confused deputy problem, OCI and Oracle Database@AWS use AWS STS as a trusted entity and forward access sessions to authorize your intent to use OCI APIs in your linked tenancy. Consequently, events are recorded for the `sts:getCallerIdentity` API from OCI IP space in your AWS CloudTrail trails and events history. Expect these events when you use Oracle Database@AWS APIs.