AWS Security ChangesHomeSearch

AWS wickr medium security documentation change

Service: wickr · 2025-10-22 · Security-related medium

File: wickr/latest/adminguide-classic/security_iam_authentication-iamuser.md

Summary

Updated IAM user guidance to recommend using temporary credentials via federation instead of long-term credentials with key rotation.

Security assessment

The change emphasizes using temporary credentials through federation, which is a security best practice to reduce risks associated with long-term credentials. This directly addresses potential security weaknesses by advocating for more secure authentication methods.

Diff

diff --git a/wickr/latest/adminguide-classic/security_iam_authentication-iamuser.md b/wickr/latest/adminguide-classic/security_iam_authentication-iamuser.md
index 28a4e90de..b4cb796cc 100644
--- a//wickr/latest/adminguide-classic/security_iam_authentication-iamuser.md
+++ b//wickr/latest/adminguide-classic/security_iam_authentication-iamuser.md
@@ -9 +9 @@ This guide documents the classic version of the AWS Wickr administration console
-An _[IAM user](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html)_ is an identity within your AWS account that has specific permissions for a single person or application. Where possible, we recommend relying on temporary credentials instead of creating IAM users who have long-term credentials such as passwords and access keys. However, if you have specific use cases that require long-term credentials with IAM users, we recommend that you rotate access keys. For more information, see [Rotate access keys regularly for use cases that require long-term credentials](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#rotate-credentials) in the _IAM User Guide_.
+An _[IAM user](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html)_ is an identity with specific permissions for a single person or application. We recommend using temporary credentials instead of IAM users with long-term credentials. For more information, see [Require human users to use federation with an identity provider to access AWS using temporary credentials](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#bp-users-federation-idp) in the _IAM User Guide_.
@@ -11,3 +11 @@ An _[IAM user](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html)_
-An [_IAM group_](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html) is an identity that specifies a collection of IAM users. You can't sign in as a group. You can use groups to specify permissions for multiple users at a time. Groups make permissions easier to manage for large sets of users. For example, you could have a group named _IAMAdmins_ and give that group permissions to administer IAM resources.
-
-Users are different from roles. A user is uniquely associated with one person or application, but a role is intended to be assumable by anyone who needs it. Users have permanent long-term credentials, but roles provide temporary credentials. To learn more, see [Use cases for IAM users](https://docs.aws.amazon.com/IAM/latest/UserGuide/gs-identities-iam-users.html) in the _IAM User Guide_.
+An [_IAM group_](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html) specifies a collection of IAM users and makes permissions easier to manage for large sets of users. For more information, see [Use cases for IAM users](https://docs.aws.amazon.com/IAM/latest/UserGuide/gs-identities-iam-users.html) in the _IAM User Guide_.