AWS workspaces-web documentation change
Summary
Shortened explanation of attribute-based access control (ABAC) by removing contextual benefits
Security assessment
Simplifies documentation without impacting security guidance or addressing vulnerabilities.
Diff
diff --git a/workspaces-web/latest/adminguide/security_iam_service-with-iam-tags.md b/workspaces-web/latest/adminguide/security_iam_service-with-iam-tags.md index db69995ef..ee2019de8 100644 --- a//workspaces-web/latest/adminguide/security_iam_service-with-iam-tags.md +++ b//workspaces-web/latest/adminguide/security_iam_service-with-iam-tags.md @@ -9,3 +9 @@ -Attribute-based access control (ABAC) is an authorization strategy that defines permissions based on attributes. In AWS, these attributes are called _tags_. You can attach tags to IAM entities (users or roles) and to many AWS resources. Tagging entities and resources is the first step of ABAC. Then you design ABAC policies to allow operations when the principal's tag matches the tag on the resource that they are trying to access. - -ABAC is helpful in environments that are growing rapidly and helps with situations where policy management becomes cumbersome. +Attribute-based access control (ABAC) is an authorization strategy that defines permissions based on attributes called tags. You can attach tags to IAM entities and AWS resources, then design ABAC policies to allow operations when the principal's tag matches the tag on the resource.