AWS datatransferterminal documentation change
Summary
Updated documentation links to use hyphens instead of underscores in filenames, fixed apostrophe formatting, and made minor grammatical adjustments.
Security assessment
The changes primarily involve URL path corrections (hyphenation vs underscores) and typographical fixes (apostrophe formatting). There is no evidence of addressing a specific security vulnerability or introducing new security features. The updates are routine documentation maintenance to improve consistency and readability.
Diff
diff --git a/datatransferterminal/latest/userguide/security-iam.md b/datatransferterminal/latest/userguide/security-iam.md index cad72e066..9f622f192 100644 --- a//datatransferterminal/latest/userguide/security-iam.md +++ b//datatransferterminal/latest/userguide/security-iam.md @@ -19,7 +19 @@ AWS Identity and Access Management (IAM) is an AWS service that helps an adminis - * [How Data Transfer Terminal works with IAM](./security_iam_service-with-iam.html) - - * [Identity-based policy examples for AWS Data Transfer Terminal](./security_iam_id-based-policy-examples.html) - - * [Troubleshooting AWS Data Transfer Terminal identity and access](./security_iam_troubleshoot.html) - - * [Data Transfer Terminal API references: Actions and resources](./datadepot-api-references.html) + * [How Data Transfer Terminal works with IAM](./security-iam-service-with-iam.html) @@ -34 +28 @@ How you use AWS Identity and Access Management (IAM) differs, depending on the w -**Service user** – If you use the Data Transfer Terminal service to do your job, then your administrator provides you with the credentials and permissions that you need. As you use more Data Transfer Terminal features to do your work, you might need additional permissions. Understanding how access is managed can help you request the right permissions from your administrator. If you cannot access a feature in Data Transfer Terminal, see [Troubleshooting AWS Data Transfer Terminal identity and access](./security_iam_troubleshoot.html). +**Service user** – If you use the Data Transfer Terminal service to do your job, then your administrator provides you with the credentials and permissions that you need. As you use more Data Transfer Terminal features to do your work, you might need additional permissions. Understanding how access is managed can help you request the right permissions from your administrator. If you cannot access a feature in Data Transfer Terminal, see [Troubleshooting AWS Data Transfer Terminal identity and access](./security-iam-troubleshoot.html). @@ -36 +30 @@ How you use AWS Identity and Access Management (IAM) differs, depending on the w -**Service administrator** – If you're in charge of Data Transfer Terminal resources at your company, you probably have full access to Data Transfer Terminal. It's your job to determine which Data Transfer Terminal features and resources your service users should access. You must then submit requests to your IAM administrator to change the permissions of your service users. Review the information on this page to understand the basic concepts of IAM. To learn more about how your company can use IAM with Data Transfer Terminal, see [How Data Transfer Terminal works with IAM](./security_iam_service-with-iam.html). +**Service administrator** – If you’re in charge of Data Transfer Terminal resources at your company, you probably have full access to Data Transfer Terminal. It’s your job to determine which Data Transfer Terminal features and resources your service users should access. You must then submit requests to your IAM administrator to change the permissions of your service users. Review the information on this page to understand the basic concepts of IAM. To learn more about how your company can use IAM with Data Transfer Terminal, see [How Data Transfer Terminal works with IAM](./security-iam-service-with-iam.html). @@ -38 +32 @@ How you use AWS Identity and Access Management (IAM) differs, depending on the w -**IAM administrator** – If you're an IAM administrator, you might want to learn details about how you can write policies to manage access to Data Transfer Terminal. To view example Data Transfer Terminal identity-based policies that you can use in IAM, see [Identity-based policy examples for AWS Data Transfer Terminal](./security_iam_id-based-policy-examples.html). +**IAM administrator** – If you’re an IAM administrator, you might want to learn details about how you can write policies to manage access to Data Transfer Terminal. To view example Data Transfer Terminal identity-based policies that you can use in IAM, see [Identity-based policy examples for AWS Data Transfer Terminal](./security-iam-id-based-policy-examples.html). @@ -44 +38 @@ Authentication is how you sign in to AWS using your identity credentials. You mu -You can sign in to AWS as a federated identity by using credentials provided through an identity source. AWS IAM Identity Center (IAM Identity Center) users, your company's single sign-on authentication, and your Google or Facebook credentials are examples of federated identities. When you sign in as a federated identity, your administrator previously set up identity federation using IAM roles. When you access AWS by using federation, you are indirectly assuming a role. +You can sign in to AWS as a federated identity by using credentials provided through an identity source. AWS IAM Identity Center (IAM Identity Center) users, your company’s single sign-on authentication, and your Google or Facebook credentials are examples of federated identities. When you sign in as a federated identity, your administrator previously set up identity federation using IAM roles. When you access AWS by using federation, you are indirectly assuming a role. @@ -48 +42 @@ Depending on the type of user you are, you can sign in to the AWS Management Con -If you access AWS programmatically, AWS provides a software development kit (SDK) and a command line interface (CLI) to cryptographically sign your requests by using your credentials. If you don't use AWS tools, you must sign requests yourself. For more information about using the recommended method to sign requests yourself, see [AWS Signature Version 4 for API requests](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_sigv.html) in the _IAM User Guide_. +If you access AWS programmatically, AWS provides a software development kit (SDK) and a command line interface (CLI) to cryptographically sign your requests by using your credentials. If you don’t use AWS tools, you must sign requests yourself. For more information about using the recommended method to sign requests yourself, see [AWS Signature Version 4 for API requests](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_sigv.html) in the _IAM User Guide_. @@ -54 +48 @@ Regardless of the authentication method that you use, you might be required to p -When you create an AWS account, you begin with one sign-in identity that has complete access to all AWS services and resources in the account. This identity is called the AWS account _root user_ and is accessed by signing in with the email address and password that you used to create the account. We strongly recommend that you don't use the root user for your everyday tasks. Safeguard your root user credentials and use them to perform the tasks that only the root user can perform. For the complete list of tasks that require you to sign in as the root user, see [Tasks that require root user credentials](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html#root-user-tasks) in the _IAM User Guide_. +When you create an AWS account, you begin with one sign-in identity that has complete access to all AWS services and resources in the account. This identity is called the AWS account _root user_ and is accessed by signing in with the email address and password that you used to create the account. We strongly recommend that you don’t use the root user for your everyday tasks. Safeguard your root user credentials and use them to perform the tasks that only the root user can perform. For the complete list of tasks that require you to sign in as the root user, see [Tasks that require root user credentials](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html#root-user-tasks) in the _IAM User Guide_. @@ -68 +62 @@ An _[IAM user](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html)_ -An [_IAM group_](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html) is an identity that specifies a collection of IAM users. You can't sign in as a group. You can use groups to specify permissions for multiple users at a time. Groups make permissions easier to manage for large sets of users. For example, you could have a group named _IAMAdmins_ and give that group permissions to administer IAM resources. +An [IAM group](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html) is an identity that specifies a collection of IAM users. You can’t sign in as a group. You can use groups to specify permissions for multiple users at a time. Groups make permissions easier to manage for large sets of users. For example, you could have a group named _IAMAdmins_ and give that group permissions to administer IAM resources. @@ -84 +78 @@ IAM roles with temporary credentials are useful in the following situations: - * **Cross-service access** – Some AWS services use features in other AWS services. For example, when you make a call in a service, it's common for that service to run applications in Amazon EC2 or store objects in Amazon S3. A service might do this using the calling principal's permissions, using a service role, or using a service-linked role. + * **Cross-service access** – Some AWS services use features in other AWS services. For example, when you make a call in a service, it’s common for that service to run applications in Amazon EC2 or store objects in Amazon S3. A service might do this using the calling principal’s permissions, using a service role, or using a service-linked role. @@ -117 +111 @@ Resource-based policies are JSON policy documents that you attach to a resource. -Resource-based policies are inline policies that are located in that service. You can't use AWS managed policies from IAM in a resource-based policy. +Resource-based policies are inline policies that are located in that service. You can’t use AWS managed policies from IAM in a resource-based policy. @@ -129 +123 @@ AWS supports additional, less-common policy types. These policy types can set th - * **Permissions boundaries** – A permissions boundary is an advanced feature in which you set the maximum permissions that an identity-based policy can grant to an IAM entity (IAM user or role). You can set a permissions boundary for an entity. The resulting permissions are the intersection of an entity's identity-based policies and its permissions boundaries. Resource-based policies that specify the user or role in the `Principal` field are not limited by the permissions boundary. An explicit deny in any of these policies overrides the allow. For more information about permissions boundaries, see [Permissions boundaries for IAM entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) in the _IAM User Guide_. + * **Permissions boundaries** – A permissions boundary is an advanced feature in which you set the maximum permissions that an identity-based policy can grant to an IAM entity (IAM user or role). You can set a permissions boundary for an entity. The resulting permissions are the intersection of an entity’s identity-based policies and its permissions boundaries. Resource-based policies that specify the user or role in the `Principal` field are not limited by the permissions boundary. An explicit deny in any of these policies overrides the allow. For more information about permissions boundaries, see [Permissions boundaries for IAM entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) in the _IAM User Guide_. @@ -135 +129 @@ AWS supports additional, less-common policy types. These policy types can set th - * **Session policies** – Session policies are advanced policies that you pass as a parameter when you programmatically create a temporary session for a role or federated user. The resulting session's permissions are the intersection of the user or role's identity-based policies and the session policies. Permissions can also come from a resource-based policy. An explicit deny in any of these policies overrides the allow. For more information, see [Session policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) in the _IAM User Guide_. + * **Session policies** – Session policies are advanced policies that you pass as a parameter when you programmatically create a temporary session for a role or federated user. The resulting session’s permissions are the intersection of the user or role’s identity-based policies and the session policies. Permissions can also come from a resource-based policy. An explicit deny in any of these policies overrides the allow. For more information, see [Session policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) in the _IAM User Guide_.