AWS singlesignon documentation change
Summary
Updated contractions to full words ('don't' to 'do not', 'won't' to 'will not') and minor phrasing adjustments
Security assessment
Changes are grammatical improvements without altering security guidance. The 12-hour Deny policy retention advice remains unchanged, maintaining existing security posture.
Diff
diff --git a/singlesignon/latest/userguide/revoke-user-permissions.md b/singlesignon/latest/userguide/revoke-user-permissions.md index e917709b4..59f63f9f2 100644 --- a//singlesignon/latest/userguide/revoke-user-permissions.md +++ b//singlesignon/latest/userguide/revoke-user-permissions.md @@ -19 +19 @@ AWS recommends you build automation to handle all steps except console-only oper - 4. If you use an identity provider (IdP) or Microsoft Active Directory as an identity source, disable the user in the identity source. Disabling the user prevents the creation of additional AWS access portal sessions. Use your IdP or Microsoft Active Directory API documentation to learn how to automate this step. If you're using the IAM Identity Center directory as an identity source, don't disable user access yet. You'll disable user access in step 6. + 4. If you use an identity provider (IdP) or Microsoft Active Directory as an identity source, disable the user in the identity source. Disabling the user prevents the creation of additional AWS access portal sessions. Use your IdP or Microsoft Active Directory API documentation to learn how to automate this step. If you are using the IAM Identity Center directory as an identity source, do not disable user access yet. You'll disable user access in step 6. @@ -41 +41 @@ After deleting a user session, the user will immediately lose access to the AWS - 7. Leave the Deny policy in place for at least 12 hours. Otherwise, the user with an active IAM role session will have restored actions with the IAM role. If you wait 12 hours, active sessions expire and the user won't be able to access the IAM role again. + 7. Leave the Deny policy in place for at least 12 hours. Otherwise, the user with an active IAM role session will have restored actions with the IAM role. If you wait 12 hours, active sessions expire and the user will not be able to access the IAM role again.