AWS Monitron documentation change
Summary
Simplified explanations of advanced policy types (permissions boundaries, SCPs, RCPs, session policies) by removing redundant details while maintaining core security concepts.
Security assessment
The changes are editorial improvements to existing security documentation about IAM policies. While the content relates to security controls, there is no evidence of addressing a specific vulnerability or incident. The modifications streamline explanations without altering security guidance.
Diff
diff --git a/Monitron/latest/user-guide/security_iam_access-manage-other-policies.md b/Monitron/latest/user-guide/security_iam_access-manage-other-policies.md index 3fd229338..a17d15ab4 100644 --- a//Monitron/latest/user-guide/security_iam_access-manage-other-policies.md +++ b//Monitron/latest/user-guide/security_iam_access-manage-other-policies.md @@ -9 +9 @@ Amazon Monitron is no longer open to new customers. Existing customers can conti -AWS supports additional, less-common policy types. These policy types can set the maximum permissions granted to you by the more common policy types. +AWS supports additional policy types that can set the maximum permissions granted by more common policy types: @@ -11 +11 @@ AWS supports additional, less-common policy types. These policy types can set th - * **Permissions boundaries** – A permissions boundary is an advanced feature in which you set the maximum permissions that an identity-based policy can grant to an IAM entity (IAM user or role). You can set a permissions boundary for an entity. The resulting permissions are the intersection of an entity's identity-based policies and its permissions boundaries. Resource-based policies that specify the user or role in the `Principal` field are not limited by the permissions boundary. An explicit deny in any of these policies overrides the allow. For more information about permissions boundaries, see [Permissions boundaries for IAM entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) in the _IAM User Guide_. + * **Permissions boundaries** – Set the maximum permissions that an identity-based policy can grant to an IAM entity. For more information, see [Permissions boundaries for IAM entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) in the _IAM User Guide_. @@ -13 +13 @@ AWS supports additional, less-common policy types. These policy types can set th - * **Service control policies (SCPs)** – SCPs are JSON policies that specify the maximum permissions for an organization or organizational unit (OU) in AWS Organizations. AWS Organizations is a service for grouping and centrally managing multiple AWS accounts that your business owns. If you enable all features in an organization, then you can apply service control policies (SCPs) to any or all of your accounts. The SCP limits permissions for entities in member accounts, including each AWS account root user. For more information about Organizations and SCPs, see [Service control policies](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html) in the _AWS Organizations User Guide_. + * **Service control policies (SCPs)** – Specify the maximum permissions for an organization or organizational unit in AWS Organizations. For more information, see [Service control policies](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html) in the _AWS Organizations User Guide_. @@ -15 +15 @@ AWS supports additional, less-common policy types. These policy types can set th - * **Resource control policies (RCPs)** – RCPs are JSON policies that you can use to set the maximum available permissions for resources in your accounts without updating the IAM policies attached to each resource that you own. The RCP limits permissions for resources in member accounts and can impact the effective permissions for identities, including the AWS account root user, regardless of whether they belong to your organization. For more information about Organizations and RCPs, including a list of AWS services that support RCPs, see [Resource control policies (RCPs)](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_rcps.html) in the _AWS Organizations User Guide_. + * **Resource control policies (RCPs)** – Set the maximum available permissions for resources in your accounts. For more information, see [Resource control policies (RCPs)](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_rcps.html) in the _AWS Organizations User Guide_. @@ -17 +17 @@ AWS supports additional, less-common policy types. These policy types can set th - * **Session policies** – Session policies are advanced policies that you pass as a parameter when you programmatically create a temporary session for a role or federated user. The resulting session's permissions are the intersection of the user or role's identity-based policies and the session policies. Permissions can also come from a resource-based policy. An explicit deny in any of these policies overrides the allow. For more information, see [Session policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) in the _IAM User Guide_. + * **Session policies** – Advanced policies passed as a parameter when creating a temporary session for a role or federated user. For more information, see [Session policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) in the _IAM User Guide_.