AWS autoscaling documentation change
Summary
Condensed documentation about temporary credentials and removed redundant explanation about identity-based policy principals. Added consolidated guidance recommending temporary credentials over long-term access keys.
Security assessment
The change emphasizes security best practices by recommending temporary credentials instead of long-term access keys, which reduces exposure to credential compromise. However, there's no evidence of addressing a specific vulnerability or incident - this is general security guidance improvement.
Diff
diff --git a/autoscaling/application/userguide/security_iam_service-with-iam.md b/autoscaling/application/userguide/security_iam_service-with-iam.md index b6af6e9b8..deaa8e06c 100644 --- a//autoscaling/application/userguide/security_iam_service-with-iam.md +++ b//autoscaling/application/userguide/security_iam_service-with-iam.md @@ -36 +36 @@ Identity-based policies are JSON permissions policy documents that you can attac -With IAM identity-based policies, you can specify allowed or denied actions and resources as well as the conditions under which actions are allowed or denied. You can't specify the principal in an identity-based policy because it applies to the user or role to which it is attached. To learn about all of the elements that you can use in a JSON policy, see [IAM JSON policy elements reference](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html) in the _IAM User Guide_. +With IAM identity-based policies, you can specify allowed or denied actions and resources as well as the conditions under which actions are allowed or denied. To learn about all of the elements that you can use in a JSON policy, see [IAM JSON policy elements reference](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html) in the _IAM User Guide_. @@ -141,5 +141 @@ For more information about ABAC, see [What is ABAC?](https://docs.aws.amazon.com -Some AWS services don't work when you sign in using temporary credentials. For additional information, including which AWS services work with temporary credentials, see [AWS services that work with IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html) in the _IAM User Guide_. - -You are using temporary credentials if you sign in to the AWS Management Console using any method except a user name and password. For example, when you access AWS using your company's single sign-on (SSO) link, that process automatically creates temporary credentials. You also automatically create temporary credentials when you sign in to the console as a user and then switch roles. For more information about switching roles, see [Switch from a user to an IAM role (console)](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-console.html) in the _IAM User Guide_. - -You can manually create temporary credentials using the AWS CLI or AWS API. You can then use those temporary credentials to access AWS. AWS recommends that you dynamically generate temporary credentials instead of using long-term access keys. For more information, see [Temporary security credentials in IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html). +Temporary credentials provide short-term access to AWS resources and are automatically created when you use federation or switch roles. AWS recommends that you dynamically generate temporary credentials instead of using long-term access keys. For more information, see [Temporary security credentials in IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html) and [AWS services that work with IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html) in the _IAM User Guide_.