AWS Security ChangesHomeSearch

AWS workspaces-web documentation change

Service: workspaces-web · 2025-10-22 · Documentation low

File: workspaces-web/latest/adminguide/security_iam_service-with-iam-resource-based-policies.md

Summary

Removed explanation about cross-account access requiring identity-based policies in trusted accounts

Security assessment

Omits operational details but doesn't introduce or resolve security flaws. The removed content was explanatory, not security-critical.

Diff

diff --git a/workspaces-web/latest/adminguide/security_iam_service-with-iam-resource-based-policies.md b/workspaces-web/latest/adminguide/security_iam_service-with-iam-resource-based-policies.md
index 114f376ce..8a6e5412c 100644
--- a//workspaces-web/latest/adminguide/security_iam_service-with-iam-resource-based-policies.md
+++ b//workspaces-web/latest/adminguide/security_iam_service-with-iam-resource-based-policies.md
@@ -11 +11 @@ Resource-based policies are JSON policy documents that you attach to a resource.
-To enable cross-account access, you can specify an entire account or IAM entities in another account as the principal in a resource-based policy. Adding a cross-account principal to a resource-based policy is only half of establishing the trust relationship. When the principal and the resource are in different AWS accounts, an IAM administrator in the trusted account must also grant the principal entity (user or role) permission to access the resource. They grant permission by attaching an identity-based policy to the entity. However, if a resource-based policy grants access to a principal in the same account, no additional identity-based policy is required. For more information, see [Cross account resource access in IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies-cross-account-resource-access.html) in the _IAM User Guide_.
+To enable cross-account access, you can specify an entire account or IAM entities in another account as the principal in a resource-based policy. For more information, see [Cross account resource access in IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies-cross-account-resource-access.html) in the _IAM User Guide_.