AWS Security ChangesHomeSearch

AWS workspaces-web documentation change

Service: workspaces-web · 2025-10-22 · Documentation low

File: workspaces-web/latest/adminguide/security_iam_service-with-iam-id-based-policies-conditionkeys.md

Summary

Condensed explanation of the Condition element, removing details about logical operations (AND/OR), placeholder variables, and service-specific keys.

Security assessment

The change reduces technical depth about condition evaluation but does not indicate a security flaw. It retains core security documentation about policy conditions.

Diff

diff --git a/workspaces-web/latest/adminguide/security_iam_service-with-iam-id-based-policies-conditionkeys.md b/workspaces-web/latest/adminguide/security_iam_service-with-iam-id-based-policies-conditionkeys.md
index 033e86a51..7d2a7230f 100644
--- a//workspaces-web/latest/adminguide/security_iam_service-with-iam-id-based-policies-conditionkeys.md
+++ b//workspaces-web/latest/adminguide/security_iam_service-with-iam-id-based-policies-conditionkeys.md
@@ -11,7 +11 @@ Administrators can use AWS JSON policies to specify who has access to what. That
-The `Condition` element (or `Condition` _block_) lets you specify conditions in which a statement is in effect. The `Condition` element is optional. You can create conditional expressions that use [condition operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html), such as equals or less than, to match the condition in the policy with values in the request. 
-
-If you specify multiple `Condition` elements in a statement, or multiple keys in a single `Condition` element, AWS evaluates them using a logical `AND` operation. If you specify multiple values for a single condition key, AWS evaluates the condition using a logical `OR` operation. All of the conditions must be met before the statement's permissions are granted.
-
-You can also use placeholder variables when you specify conditions. For example, you can grant an IAM user permission to access a resource only if it is tagged with their IAM user name. For more information, see [IAM policy elements: variables and tags](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_variables.html) in the _IAM User Guide_. 
-
-AWS supports global condition keys and service-specific condition keys. To see all AWS global condition keys, see [AWS global condition context keys](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html) in the _IAM User Guide_.
+The `Condition` element specifies when statements execute based on defined criteria. You can create conditional expressions that use [condition operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html), such as equals or less than, to match the condition in the policy with values in the request. To see all AWS global condition keys, see [AWS global condition context keys](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html) in the _IAM User Guide_.