AWS singlesignon documentation change
Summary
Replaced 'can't' with 'cannot' in IAM policy descriptions
Security assessment
Language standardization in policy documentation. No changes to actual permissions or security controls described.
Diff
diff --git a/singlesignon/latest/userguide/security-iam-awsmanpol.md b/singlesignon/latest/userguide/security-iam-awsmanpol.md index b3f90195b..1bc7b330c 100644 --- a//singlesignon/latest/userguide/security-iam-awsmanpol.md +++ b//singlesignon/latest/userguide/security-iam-awsmanpol.md @@ -242 +242 @@ You can attach the `AWSSSODirectoryReadOnly` policy to your IAM identities. -This policy grants read-only permissions that allow users to view users and groups in IAM Identity Center. Principals with this policy attached cannot view IAM Identity Center assignments, permission sets, applications, or settings. Principals with this policy attached can't make any updates in IAM Identity Center. For example, principals with these permissions can view IAM Identity Center users, but they can't change any user attributes or assign MFA devices. +This policy grants read-only permissions that allow users to view users and groups in IAM Identity Center. Principals with this policy attached cannot view IAM Identity Center assignments, permission sets, applications, or settings. Principals with this policy attached cannot make any updates in IAM Identity Center. For example, principals with these permissions can view IAM Identity Center users, but they cannot change any user attributes or assign MFA devices. @@ -260 +260 @@ You can attach the `AWSIdentitySyncReadOnlyAccess` policy to your IAM identities -This policy grants read-only permissions that allow users to view information about the identity synchronization profile, filters, and target settings. Principals with this policy attached can't make any updates to synchronization settings. For example, principals with these permissions can view identity synchronization settings, but can't change any of the profile or filter values. +This policy grants read-only permissions that allow users to view information about the identity synchronization profile, filters, and target settings. Principals with this policy attached cannot make any updates to synchronization settings. For example, principals with these permissions can view identity synchronization settings, but cannot change any of the profile or filter values. @@ -266 +266 @@ To view the permissions for this policy, see [AWSIdentitySyncReadOnlyAccess](htt -You can't attach the `AWSSSOServiceRolePolicy` policy to your IAM identities. +You cannot attach the `AWSSSOServiceRolePolicy` policy to your IAM identities.