AWS Security ChangesHomeSearch

AWS IAM documentation change

Service: IAM · 2025-08-28 · Documentation low

File: IAM/latest/UserGuide/reference_policies_iam-condition-keys.md

Summary

Removed two JSON policy examples using sts:RequestContextProviders and sts:RoleSessionName condition keys

Security assessment

Policy example removal without security context. No evidence of addressing vulnerabilities.

Diff

diff --git a/IAM/latest/UserGuide/reference_policies_iam-condition-keys.md b/IAM/latest/UserGuide/reference_policies_iam-condition-keys.md
index 0a3623561..51a8ba3ae 100644
--- a//IAM/latest/UserGuide/reference_policies_iam-condition-keys.md
+++ b//IAM/latest/UserGuide/reference_policies_iam-condition-keys.md
@@ -1153,28 +1152,0 @@ The following example condition checks that the context provider ARN passed in t
-JSON
-    
-
-****
-    
-    
-    
-    {
-      "Version": "2012-10-17",
-      "Statement": {
-        "Action": "sts:SetContext",
-        "Effect": "Allow",
-        "Resource": "*",
-        "Condition": {
-          "ForAllValues:ArnEquals": {
-            "sts:RequestContextProviders": [
-              "arn:aws:iam::aws:contextProvider/IdentityCenter"
-            ]
-          },
-          "Null": {
-            "sts:RequestContextProviders": "false"
-          }
-        }
-      }
-    }
-    
-    
-
@@ -1200,23 +1171,0 @@ You can use any single-valued condition key as a [variable](./reference_policies
-JSON
-    
-
-****
-    
-    
-    
-    {
-        "Version": "2012-10-17",
-        "Statement": [
-            {
-                "Sid": "RoleTrustPolicyRequireUsernameForSessionName",
-                "Effect": "Allow",
-                "Action": "sts:AssumeRole",
-                "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
-                "Condition": {
-                    "StringLike": {"sts:RoleSessionName": "${aws:username}"}
-                }
-            }
-        ]
-    }
-    
-