AWS IAM documentation change
Summary
Removed two JSON policy examples using sts:RequestContextProviders and sts:RoleSessionName condition keys
Security assessment
Policy example removal without security context. No evidence of addressing vulnerabilities.
Diff
diff --git a/IAM/latest/UserGuide/reference_policies_iam-condition-keys.md b/IAM/latest/UserGuide/reference_policies_iam-condition-keys.md index 0a3623561..51a8ba3ae 100644 --- a//IAM/latest/UserGuide/reference_policies_iam-condition-keys.md +++ b//IAM/latest/UserGuide/reference_policies_iam-condition-keys.md @@ -1153,28 +1152,0 @@ The following example condition checks that the context provider ARN passed in t -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": { - "Action": "sts:SetContext", - "Effect": "Allow", - "Resource": "*", - "Condition": { - "ForAllValues:ArnEquals": { - "sts:RequestContextProviders": [ - "arn:aws:iam::aws:contextProvider/IdentityCenter" - ] - }, - "Null": { - "sts:RequestContextProviders": "false" - } - } - } - } - - - @@ -1200,23 +1171,0 @@ You can use any single-valued condition key as a [variable](./reference_policies -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "RoleTrustPolicyRequireUsernameForSessionName", - "Effect": "Allow", - "Action": "sts:AssumeRole", - "Principal": {"AWS": "arn:aws:iam::111122223333:root"}, - "Condition": { - "StringLike": {"sts:RoleSessionName": "${aws:username}"} - } - } - ] - } - -