AWS wickr high security documentation change
Summary
Streamlined authentication documentation by removing detailed MFA recommendations and programmatic access explanations.
Security assessment
The removal of specific multi-factor authentication (MFA) recommendations ('AWS recommends that you use multi-factor authentication...') constitutes a security-related change by omitting guidance about a critical security control. This could negatively impact security posture if users are not reminded to enable MFA. The change removes existing security documentation rather than adding new protections.
Diff
diff --git a/wickr/latest/adminguide/security_iam_authentication.md b/wickr/latest/adminguide/security_iam_authentication.md index 1f35650c2..57774d6bc 100644 --- a//wickr/latest/adminguide/security_iam_authentication.md +++ b//wickr/latest/adminguide/security_iam_authentication.md @@ -9 +9 @@ This guide documents the new AWS Wickr administration console, released on March -Authentication is how you sign in to AWS using your identity credentials. You must be _authenticated_ (signed in to AWS) as the AWS account root user, as an IAM user, or by assuming an IAM role. +Authentication is how you sign in to AWS using your identity credentials. You must be authenticated as the AWS account root user, an IAM user, or by assuming an IAM role. @@ -11 +11 @@ Authentication is how you sign in to AWS using your identity credentials. You mu -You can sign in to AWS as a federated identity by using credentials provided through an identity source. AWS IAM Identity Center (IAM Identity Center) users, your company's single sign-on authentication, and your Google or Facebook credentials are examples of federated identities. When you sign in as a federated identity, your administrator previously set up identity federation using IAM roles. When you access AWS by using federation, you are indirectly assuming a role. +You can sign in as a federated identity using credentials from an identity source like AWS IAM Identity Center (IAM Identity Center), single sign-on authentication, or Google/Facebook credentials. For more information about signing in, see [How to sign in to your AWS account](https://docs.aws.amazon.com/signin/latest/userguide/how-to-sign-in.html) in the _AWS Sign-In User Guide_. @@ -13,5 +13 @@ You can sign in to AWS as a federated identity by using credentials provided thr -Depending on the type of user you are, you can sign in to the AWS Management Console or the AWS access portal. For more information about signing in to AWS, see [How to sign in to your AWS account](https://docs.aws.amazon.com/signin/latest/userguide/how-to-sign-in.html) in the _AWS Sign-In User Guide_. - -If you access AWS programmatically, AWS provides a software development kit (SDK) and a command line interface (CLI) to cryptographically sign your requests by using your credentials. If you don't use AWS tools, you must sign requests yourself. For more information about using the recommended method to sign requests yourself, see [AWS Signature Version 4 for API requests](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_sigv.html) in the _IAM User Guide_. - -Regardless of the authentication method that you use, you might be required to provide additional security information. For example, AWS recommends that you use multi-factor authentication (MFA) to increase the security of your account. To learn more, see [Multi-factor authentication](https://docs.aws.amazon.com/singlesignon/latest/userguide/enable-mfa.html) in the _AWS IAM Identity Center User Guide_ and [AWS Multi-factor authentication in IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa.html) in the _IAM User Guide_. +For programmatic access, AWS provides an SDK and CLI to cryptographically sign requests. For more information, see [AWS Signature Version 4 for API requests](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_sigv.html) in the _IAM User Guide_.