AWS Monitron documentation change
Summary
Simplified authentication methods, removed MFA recommendations and detailed federation explanations.
Security assessment
Removal of MFA guidance could reduce security posture awareness, but no concrete evidence links this change to a specific security issue resolution.
Diff
diff --git a/Monitron/latest/user-guide/security_iam_authentication.md b/Monitron/latest/user-guide/security_iam_authentication.md index d65819814..c348f8022 100644 --- a//Monitron/latest/user-guide/security_iam_authentication.md +++ b//Monitron/latest/user-guide/security_iam_authentication.md @@ -9 +9 @@ Amazon Monitron is no longer open to new customers. Existing customers can conti -Authentication is how you sign in to AWS using your identity credentials. You must be _authenticated_ (signed in to AWS) as the AWS account root user, as an IAM user, or by assuming an IAM role. +Authentication is how you sign in to AWS using your identity credentials. You must be authenticated as the AWS account root user, an IAM user, or by assuming an IAM role. @@ -11 +11 @@ Authentication is how you sign in to AWS using your identity credentials. You mu -You can sign in to AWS as a federated identity by using credentials provided through an identity source. AWS IAM Identity Center (IAM Identity Center) users, your company's single sign-on authentication, and your Google or Facebook credentials are examples of federated identities. When you sign in as a federated identity, your administrator previously set up identity federation using IAM roles. When you access AWS by using federation, you are indirectly assuming a role. +You can sign in as a federated identity using credentials from an identity source like AWS IAM Identity Center (IAM Identity Center), single sign-on authentication, or Google/Facebook credentials. For more information about signing in, see [How to sign in to your AWS account](https://docs.aws.amazon.com/signin/latest/userguide/how-to-sign-in.html) in the _AWS Sign-In User Guide_. @@ -13,5 +13 @@ You can sign in to AWS as a federated identity by using credentials provided thr -Depending on the type of user you are, you can sign in to the AWS Management Console or the AWS access portal. For more information about signing in to AWS, see [How to sign in to your AWS account](https://docs.aws.amazon.com/signin/latest/userguide/how-to-sign-in.html) in the _AWS Sign-In User Guide_. - -If you access AWS programmatically, AWS provides a software development kit (SDK) and a command line interface (CLI) to cryptographically sign your requests by using your credentials. If you don't use AWS tools, you must sign requests yourself. For more information about using the recommended method to sign requests yourself, see [AWS Signature Version 4 for API requests](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_sigv.html) in the _IAM User Guide_. - -Regardless of the authentication method that you use, you might be required to provide additional security information. For example, AWS recommends that you use multi-factor authentication (MFA) to increase the security of your account. To learn more, see [Multi-factor authentication](https://docs.aws.amazon.com/singlesignon/latest/userguide/enable-mfa.html) in the _AWS IAM Identity Center User Guide_ and [AWS Multi-factor authentication in IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa.html) in the _IAM User Guide_. +For programmatic access, AWS provides an SDK and CLI to cryptographically sign requests. For more information, see [AWS Signature Version 4 for API requests](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_sigv.html) in the _IAM User Guide_.