AWS Security ChangesHomeSearch

AWS singlesignon documentation change

Service: singlesignon · 2025-08-28 · Documentation low

File: singlesignon/latest/userguide/emergency-access-one-time-setup-direct-IAM-federation-application-in-idp.md

Summary

Removed JSON policy examples for SAML federation setup and cross-account role assumption

Security assessment

The changes remove example IAM policies but do not indicate any security vulnerability being addressed. This appears to be documentation cleanup rather than security-related modification.

Diff

diff --git a/singlesignon/latest/userguide/emergency-access-one-time-setup-direct-IAM-federation-application-in-idp.md b/singlesignon/latest/userguide/emergency-access-one-time-setup-direct-IAM-federation-application-in-idp.md
index 626cf8191..123f1f897 100644
--- a//singlesignon/latest/userguide/emergency-access-one-time-setup-direct-IAM-federation-application-in-idp.md
+++ b//singlesignon/latest/userguide/emergency-access-one-time-setup-direct-IAM-federation-application-in-idp.md
@@ -25,30 +24,0 @@ In the figure above, the `role` variable is for the emergency operations role in
-JSON
-    
-
-****
-    
-    
-        {
-        "Version": "2012-10-17",
-        "Statement": [
-          {
-             "Effect":"Allow",
-             "Principal":{
-                "Federated":"arn:aws:iam::123456789012:saml-provider/Okta"
-             },
-             "Action":[
-                "sts:AssumeRoleWithSAML",
-                "sts:SetSourceIdentity",
-                "sts:TagSession"
-             ],
-             "Condition":{
-                "StringEquals":{
-                   "SAML:aud":"https:~/~/signin.aws.amazon.com/saml"
-                }
-             }
-          }
-       ]
-    }
-    
-    
-
@@ -57,21 +26,0 @@ JSON
-JSON
-    
-
-****
-    
-    
-        {
-        "Version": "2012-10-17",
-        "Statement": [
-            {
-                "Effect": "Allow",
-                "Action": "sts:AssumeRole",
-                "Resource": [
-                    "arn:aws:iam::<account 1>:role/EmergencyAccess_RO",
-                    "arn:aws:iam::<account 2>:role/EmergencyAccess_RO"
-                ]
-            }
-        ]
-    }
-    
-