AWS Security ChangesHomeSearch

AWS codecommit documentation change

Service: codecommit · 2025-10-22 · Documentation low

File: codecommit/latest/userguide/security_iam_service-with-iam.md

Summary

Condensed explanation of IAM policy Condition element, removed details about logical AND/OR evaluation and placeholder variables

Security assessment

The changes refine documentation about IAM policy conditions but do not address a specific security vulnerability. While IAM policies are security-related, this appears to be a clarification of existing security documentation rather than a response to a security issue.

Diff

diff --git a/codecommit/latest/userguide/security_iam_service-with-iam.md b/codecommit/latest/userguide/security_iam_service-with-iam.md
index 75ece9c23..cd40207f1 100644
--- a//codecommit/latest/userguide/security_iam_service-with-iam.md
+++ b//codecommit/latest/userguide/security_iam_service-with-iam.md
@@ -26,7 +26 @@ Administrators can use AWS JSON policies to specify who has access to what. That
-The `Condition` element (or `Condition` _block_) lets you specify conditions in which a statement is in effect. The `Condition` element is optional. You can create conditional expressions that use [condition operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html), such as equals or less than, to match the condition in the policy with values in the request. 
-
-If you specify multiple `Condition` elements in a statement, or multiple keys in a single `Condition` element, AWS evaluates them using a logical `AND` operation. If you specify multiple values for a single condition key, AWS evaluates the condition using a logical `OR` operation. All of the conditions must be met before the statement's permissions are granted.
-
-You can also use placeholder variables when you specify conditions. For example, you can grant an IAM user permission to access a resource only if it is tagged with their IAM user name. For more information, see [IAM policy elements: variables and tags](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_variables.html) in the _IAM User Guide_. 
-
-AWS supports global condition keys and service-specific condition keys. To see all AWS global condition keys, see [AWS global condition context keys](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html) in the _IAM User Guide_.
+The `Condition` element specifies when statements execute based on defined criteria. You can create conditional expressions that use [condition operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html), such as equals or less than, to match the condition in the policy with values in the request. To see all AWS global condition keys, see [AWS global condition context keys](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html) in the _IAM User Guide_.