AWS mgn documentation change
Summary
Simplified language around federated access best practices and IAM Identity Center recommendations. Removed specific examples of identity sources and administrator user references.
Security assessment
Changes are editorial improvements to simplify text rather than address security vulnerabilities. The core security recommendation (using federated identities with temporary credentials) remains unchanged. Removal of 'including users that require administrator access' does not weaken security guidance but makes it more generic.
Diff
diff --git a/mgn/latest/ug/identity-access-management.md b/mgn/latest/ug/identity-access-management.md index 1e44368b3..eaf896d8f 100644 --- a//mgn/latest/ug/identity-access-management.md +++ b//mgn/latest/ug/identity-access-management.md @@ -19 +19 @@ When you attach a policy to a user or group of users, it allows or denies the us -As a best practice, require human users, including users that require administrator access, to use federation with an identity provider to access AWS services by using temporary credentials. +As a best practice, require human users to use federation with an identity provider to access AWS services using temporary credentials. @@ -21 +21 @@ As a best practice, require human users, including users that require administra -A _federated identity_ is a user from your enterprise user directory, a web identity provider, the AWS Directory Service, the Identity Center directory, or any user that accesses AWS services by using credentials provided through an identity source. When federated identities access AWS accounts, they assume roles, and the roles provide temporary credentials. +A _federated identity_ is a user from your enterprise directory, web identity provider, or AWS Directory Service that accesses AWS services using credentials from an identity source. Federated identities assume roles that provide temporary credentials. @@ -23 +23 @@ A _federated identity_ is a user from your enterprise user directory, a web iden -For centralized access management, we recommend that you use AWS IAM Identity Center. You can create users and groups in IAM Identity Center, or you can connect and synchronize to a set of users and groups in your own identity source for use across all your AWS accounts and applications. For information about IAM Identity Center, see [What is IAM Identity Center?](https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html) in the _AWS IAM Identity Center User Guide_. +For centralized access management, we recommend AWS IAM Identity Center. For more information, see [What is IAM Identity Center?](https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html) in the _AWS IAM Identity Center User Guide_.