AWS wickr medium security documentation change
Summary
Updated IAM user guidance to recommend using temporary credentials via federation instead of long-term credentials with key rotation.
Security assessment
The change emphasizes using temporary credentials through federation, which is a security best practice to reduce risks associated with long-term credentials. This directly addresses potential security weaknesses by advocating for more secure authentication methods.
Diff
diff --git a/wickr/latest/adminguide-classic/security_iam_authentication-iamuser.md b/wickr/latest/adminguide-classic/security_iam_authentication-iamuser.md index 28a4e90de..b4cb796cc 100644 --- a//wickr/latest/adminguide-classic/security_iam_authentication-iamuser.md +++ b//wickr/latest/adminguide-classic/security_iam_authentication-iamuser.md @@ -9 +9 @@ This guide documents the classic version of the AWS Wickr administration console -An _[IAM user](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html)_ is an identity within your AWS account that has specific permissions for a single person or application. Where possible, we recommend relying on temporary credentials instead of creating IAM users who have long-term credentials such as passwords and access keys. However, if you have specific use cases that require long-term credentials with IAM users, we recommend that you rotate access keys. For more information, see [Rotate access keys regularly for use cases that require long-term credentials](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#rotate-credentials) in the _IAM User Guide_. +An _[IAM user](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html)_ is an identity with specific permissions for a single person or application. We recommend using temporary credentials instead of IAM users with long-term credentials. For more information, see [Require human users to use federation with an identity provider to access AWS using temporary credentials](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#bp-users-federation-idp) in the _IAM User Guide_. @@ -11,3 +11 @@ An _[IAM user](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html)_ -An [_IAM group_](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html) is an identity that specifies a collection of IAM users. You can't sign in as a group. You can use groups to specify permissions for multiple users at a time. Groups make permissions easier to manage for large sets of users. For example, you could have a group named _IAMAdmins_ and give that group permissions to administer IAM resources. - -Users are different from roles. A user is uniquely associated with one person or application, but a role is intended to be assumable by anyone who needs it. Users have permanent long-term credentials, but roles provide temporary credentials. To learn more, see [Use cases for IAM users](https://docs.aws.amazon.com/IAM/latest/UserGuide/gs-identities-iam-users.html) in the _IAM User Guide_. +An [_IAM group_](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html) specifies a collection of IAM users and makes permissions easier to manage for large sets of users. For more information, see [Use cases for IAM users](https://docs.aws.amazon.com/IAM/latest/UserGuide/gs-identities-iam-users.html) in the _IAM User Guide_.