AWS Security ChangesHomeSearch

AWS wickr medium security documentation change

Service: wickr · 2025-10-22 · Security-related medium

File: wickr/latest/adminguide/security_iam_authentication-iamuser.md

Summary

Updated IAM user documentation to emphasize temporary credentials over long-term credentials and removed comparison between users/roles. Added reference to federation best practices.

Security assessment

The change promotes security best practices by explicitly recommending federation with identity providers for temporary credentials instead of long-term IAM user credentials. This reduces risks associated with long-term credential exposure. The added link to federation guidance provides concrete security improvement context.

Diff

diff --git a/wickr/latest/adminguide/security_iam_authentication-iamuser.md b/wickr/latest/adminguide/security_iam_authentication-iamuser.md
index 1856fedb3..50239bd40 100644
--- a//wickr/latest/adminguide/security_iam_authentication-iamuser.md
+++ b//wickr/latest/adminguide/security_iam_authentication-iamuser.md
@@ -9 +9 @@ This guide documents the new AWS Wickr administration console, released on March
-An _[IAM user](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html)_ is an identity within your AWS account that has specific permissions for a single person or application. Where possible, we recommend relying on temporary credentials instead of creating IAM users who have long-term credentials such as passwords and access keys. However, if you have specific use cases that require long-term credentials with IAM users, we recommend that you rotate access keys. For more information, see [Rotate access keys regularly for use cases that require long-term credentials](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#rotate-credentials) in the _IAM User Guide_.
+An _[IAM user](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html)_ is an identity with specific permissions for a single person or application. We recommend using temporary credentials instead of IAM users with long-term credentials. For more information, see [Require human users to use federation with an identity provider to access AWS using temporary credentials](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#bp-users-federation-idp) in the _IAM User Guide_.
@@ -11,3 +11 @@ An _[IAM user](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html)_
-An [_IAM group_](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html) is an identity that specifies a collection of IAM users. You can't sign in as a group. You can use groups to specify permissions for multiple users at a time. Groups make permissions easier to manage for large sets of users. For example, you could have a group named _IAMAdmins_ and give that group permissions to administer IAM resources.
-
-Users are different from roles. A user is uniquely associated with one person or application, but a role is intended to be assumable by anyone who needs it. Users have permanent long-term credentials, but roles provide temporary credentials. To learn more, see [Use cases for IAM users](https://docs.aws.amazon.com/IAM/latest/UserGuide/gs-identities-iam-users.html) in the _IAM User Guide_.
+An [_IAM group_](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html) specifies a collection of IAM users and makes permissions easier to manage for large sets of users. For more information, see [Use cases for IAM users](https://docs.aws.amazon.com/IAM/latest/UserGuide/gs-identities-iam-users.html) in the _IAM User Guide_.