AWS managedservices documentation change
Summary
Updated change type reference from 'review required' to 'managed automation' in IAM provisioning documentation
Security assessment
Change modifies workflow terminology but does not address security vulnerabilities or introduce new security controls. The automated checks for insecure IAM patterns remain unchanged.
Diff
diff --git a/managedservices/latest/userguide/aip-how-works.md b/managedservices/latest/userguide/aip-how-works.md index f93eaa26e..81cf69e1d 100644 --- a//managedservices/latest/userguide/aip-how-works.md +++ b//managedservices/latest/userguide/aip-how-works.md @@ -7 +7 @@ -Automated IAM Provisioning relies on automated run-time checks for IAM to validate changes to IAM resources. These automated checks, performed when the Create, Update, or Delete change types are run, prevent IAM resources that are overly-permissive or have insecure patterns from being deployed into your account. This allows you to match the level of rigor in IAM reviews to the expertise of your team. We recommend that teams that are new to cloud services and need manual checks for all IAM resources changes use the existing review-required change type: Deployment | Advanced stack components | Identity and Access Management (IAM) | [Create entity or policy (review required)](https://docs.aws.amazon.com/managedservices/latest/ctref/deployment-advanced-identity-and-access-management-iam-create-entity-or-policy-review-required.html), (ct-3dpd8mdd9jn1r). Teams with AWS expertise and control of their environments can use Automated IAM Provisioning to speed up their deployments. You can use this feature to perform validation through automated run-time checks or to perform validation and provisioning of IAM resources after successful validation. +Automated IAM Provisioning relies on automated run-time checks for IAM to validate changes to IAM resources. These automated checks, performed when the Create, Update, or Delete change types are run, prevent IAM resources that are overly-permissive or have insecure patterns from being deployed into your account. This allows you to match the level of rigor in IAM reviews to the expertise of your team. We recommend that teams that are new to cloud services and need manual checks for all IAM resources changes use the existing review-required change type: Deployment | Advanced stack components | Identity and Access Management (IAM) | [Create entity or policy (managed automation)](https://docs.aws.amazon.com/managedservices/latest/ctref/deployment-advanced-identity-and-access-management-iam-create-entity-or-policy-review-required.html), (ct-3dpd8mdd9jn1r). Teams with AWS expertise and control of their environments can use Automated IAM Provisioning to speed up their deployments. You can use this feature to perform validation through automated run-time checks or to perform validation and provisioning of IAM resources after successful validation.