AWS Security ChangesHomeSearch

AWS Monitron documentation change

Service: Monitron · 2025-10-22 · Documentation low

File: Monitron/latest/user-guide/security_iam_authentication-iamuser.md

Summary

Updated IAM user documentation to emphasize temporary credentials and federation over long-term credentials, removed details on IAM groups and roles.

Security assessment

The change promotes using temporary credentials via federation, which enhances security by reducing reliance on long-term credentials. However, there's no direct evidence of addressing a specific security vulnerability.

Diff

diff --git a/Monitron/latest/user-guide/security_iam_authentication-iamuser.md b/Monitron/latest/user-guide/security_iam_authentication-iamuser.md
index dad75c959..553ddb899 100644
--- a//Monitron/latest/user-guide/security_iam_authentication-iamuser.md
+++ b//Monitron/latest/user-guide/security_iam_authentication-iamuser.md
@@ -9 +9 @@ Amazon Monitron is no longer open to new customers. Existing customers can conti
-An _[IAM user](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html)_ is an identity within your AWS account that has specific permissions for a single person or application. Where possible, we recommend relying on temporary credentials instead of creating IAM users who have long-term credentials such as passwords and access keys. However, if you have specific use cases that require long-term credentials with IAM users, we recommend that you rotate access keys. For more information, see [Rotate access keys regularly for use cases that require long-term credentials](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#rotate-credentials) in the _IAM User Guide_.
+An _[IAM user](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html)_ is an identity with specific permissions for a single person or application. We recommend using temporary credentials instead of IAM users with long-term credentials. For more information, see [Require human users to use federation with an identity provider to access AWS using temporary credentials](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#bp-users-federation-idp) in the _IAM User Guide_.
@@ -11,3 +11 @@ An _[IAM user](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html)_
-An [_IAM group_](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html) is an identity that specifies a collection of IAM users. You can't sign in as a group. You can use groups to specify permissions for multiple users at a time. Groups make permissions easier to manage for large sets of users. For example, you could have a group named _IAMAdmins_ and give that group permissions to administer IAM resources.
-
-Users are different from roles. A user is uniquely associated with one person or application, but a role is intended to be assumable by anyone who needs it. Users have permanent long-term credentials, but roles provide temporary credentials. To learn more, see [Use cases for IAM users](https://docs.aws.amazon.com/IAM/latest/UserGuide/gs-identities-iam-users.html) in the _IAM User Guide_.
+An [_IAM group_](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html) specifies a collection of IAM users and makes permissions easier to manage for large sets of users. For more information, see [Use cases for IAM users](https://docs.aws.amazon.com/IAM/latest/UserGuide/gs-identities-iam-users.html) in the _IAM User Guide_.