AWS singlesignon documentation change
Summary
Removed JSON policy examples for SAML federation setup and cross-account role assumption
Security assessment
The changes remove example IAM policies but do not indicate any security vulnerability being addressed. This appears to be documentation cleanup rather than security-related modification.
Diff
diff --git a/singlesignon/latest/userguide/emergency-access-one-time-setup-direct-IAM-federation-application-in-idp.md b/singlesignon/latest/userguide/emergency-access-one-time-setup-direct-IAM-federation-application-in-idp.md index 626cf8191..123f1f897 100644 --- a//singlesignon/latest/userguide/emergency-access-one-time-setup-direct-IAM-federation-application-in-idp.md +++ b//singlesignon/latest/userguide/emergency-access-one-time-setup-direct-IAM-federation-application-in-idp.md @@ -25,30 +24,0 @@ In the figure above, the `role` variable is for the emergency operations role in -JSON - - -**** - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect":"Allow", - "Principal":{ - "Federated":"arn:aws:iam::123456789012:saml-provider/Okta" - }, - "Action":[ - "sts:AssumeRoleWithSAML", - "sts:SetSourceIdentity", - "sts:TagSession" - ], - "Condition":{ - "StringEquals":{ - "SAML:aud":"https:~/~/signin.aws.amazon.com/saml" - } - } - } - ] - } - - - @@ -57,21 +26,0 @@ JSON -JSON - - -**** - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": "sts:AssumeRole", - "Resource": [ - "arn:aws:iam::<account 1>:role/EmergencyAccess_RO", - "arn:aws:iam::<account 2>:role/EmergencyAccess_RO" - ] - } - ] - } - -