AWS systems-manager medium security documentation change
Summary
Changed 'IAM users' to 'IAM roles' in the list of valid access request approvers
Security assessment
Correcting the allowed approver type from IAM users to IAM roles prevents misconfigurations that could lead to unauthorized access approvals. This directly impacts access control security.
Diff
diff --git a/systems-manager/latest/userguide/systems-manager-just-in-time-node-access-create-manual-policies.md b/systems-manager/latest/userguide/systems-manager-just-in-time-node-access-create-manual-policies.md index a57ae774e..fd53f500b 100644 --- a//systems-manager/latest/userguide/systems-manager-just-in-time-node-access-create-manual-policies.md +++ b//systems-manager/latest/userguide/systems-manager-just-in-time-node-access-create-manual-policies.md @@ -21 +21 @@ The following procedure describes how to create manual approval policies. System - 6. In the **Access request approvers** section, enter the users or groups you want to be able to approve access requests to the node targets in the policy. Access request approvers can be IAM Identity Center users and groups or IAM users. You can specify up to 5 approvers per level, and up to 5 levels of approvers. + 6. In the **Access request approvers** section, enter the users or groups you want to be able to approve access requests to the node targets in the policy. Access request approvers can be IAM Identity Center users and groups or IAM roles. You can specify up to 5 approvers per level, and up to 5 levels of approvers.