AWS prescriptive-guidance documentation change
Summary
Corrected 'self-managed solution' to plural form in temporary elevated access management section
Security assessment
Change fixes grammatical number agreement in existing security documentation. Maintains existing security information about TEAM solutions without adding new content.
Diff
diff --git a/prescriptive-guidance/latest/security-reference-architecture/workplace-iam-identity-center.md b/prescriptive-guidance/latest/security-reference-architecture/workplace-iam-identity-center.md index 3b594e462..0d0349fe1 100644 --- a//prescriptive-guidance/latest/security-reference-architecture/workplace-iam-identity-center.md +++ b//prescriptive-guidance/latest/security-reference-architecture/workplace-iam-identity-center.md @@ -64 +64 @@ You can also connect your existing Microsoft Active Directory to IAM Identity Ce - * IAM Identity Center doesn't currently support the use of idle timeout, where the user's session times out or is extended based on activity. It does support [session duration](https://docs.aws.amazon.com/singlesignon/latest/userguide/configure-user-session.html) for the AWS access portal and IAM Identity Center integrated applications. You can configure session duration between 15 minutes and 90 days. You can [view and delete active AWS access portal sessions for IAM Identity Center users](https://docs.aws.amazon.com/singlesignon/latest/userguide/delete-user-session.html). However, modifying and ending AWS access portal sessions have no effect on the session duration of the AWS Management Console, which is defined in [permission sets.](https://docs.aws.amazon.com/singlesignon/latest/userguide/howtosessionduration.html) + * IAM Identity Center doesn't currently support the use of idle timeout, where the user's session times out or is extended based on activity. It does support [session duration](https://docs.aws.amazon.com/singlesignon/latest/userguide/configure-user-session.html) for the AWS access portal and IAM Identity Center integrated applications. You can configure session duration between 15 minutes and 90 days. You can [view and delete active AWS access portal sessions for IAM Identity Center users](https://docs.aws.amazon.com/singlesignon/latest/userguide/delete-user-session.html). However, modifying and ending AWS access portal sessions have no effect on the session duration of the AWS Management Console, which is defined in [permission sets](https://docs.aws.amazon.com/singlesignon/latest/userguide/howtosessionduration.html). @@ -122 +122 @@ We recommend that you use IAM Identity Center with an external IdP. However, if - * IAM Identity Center is a workforce identity management service, so it requires human interaction to complete the authentication process for programmatic access. If you need short-term credentials for machine-to-machine authentication, explore Amazon [EC2 instance profile](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html)s for workloads in AWS or [IAM Roles Anywhere](https://docs.aws.amazon.com/rolesanywhere/latest/userguide/introduction.html) for workloads outside AWS. + * IAM Identity Center is a workforce identity management service, so it requires human interaction to complete the authentication process for programmatic access. If you need short-term credentials for machine-to-machine authentication, explore [EC2 instance profiles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html) for workloads in AWS or [IAM Roles Anywhere](https://docs.aws.amazon.com/rolesanywhere/latest/userguide/introduction.html) for workloads outside AWS. @@ -124 +124 @@ We recommend that you use IAM Identity Center with an external IdP. However, if - * IAM Identity Center provides access to resources in AWS accounts within your organizations. However, if you want to provide single sign-on access to external accounts (that is, AWS accounts outside your organisation) by using IAM Identity Center without inviting those accounts into your organizations, you can [configure the external accounts as SAML applications in IAM Identity Center.](https://static.global.sso.amazonaws.com/app-4a24b6fe5e450fa2/instructions/index.htm) + * IAM Identity Center provides access to resources in AWS accounts within your organizations. However, if you want to provide single sign-on access to external accounts (that is, AWS accounts outside your organisation) by using IAM Identity Center without inviting those accounts into your organizations, you can [configure the external accounts as SAML applications in IAM Identity Center](https://static.global.sso.amazonaws.com/app-4a24b6fe5e450fa2/instructions/index.htm). @@ -126 +126 @@ We recommend that you use IAM Identity Center with an external IdP. However, if - * IAM Identity Center supports integration with temporary elevated access management (TEAM) solutions (also known as just-in-time access). This integration provides time-bound elevated access to your multi-account AWS environment at scale. Temporary elevated access allows users to request access to perform a specific task for a specific period of time. An approver reviews each request and decides whether to approve or reject it. IAM Identity Center supports both vendor-managed TEAM solutions from [supported AWS security partners](https://docs.aws.amazon.com/singlesignon/latest/userguide/temporary-elevated-access.html#validatedpartners) or [self-managed solution](https://aws-samples.github.io/iam-identity-center-team/)s, which you maintain and tailor to address your time-bound access requirements. + * IAM Identity Center supports integration with temporary elevated access management (TEAM) solutions (also known as just-in-time access). This integration provides time-bound elevated access to your multi-account AWS environment at scale. Temporary elevated access allows users to request access to perform a specific task for a specific period of time. An approver reviews each request and decides whether to approve or reject it. IAM Identity Center supports both vendor-managed TEAM solutions from [supported AWS security partners](https://docs.aws.amazon.com/singlesignon/latest/userguide/temporary-elevated-access.html#validatedpartners) or [self-managed solutions](https://aws-samples.github.io/iam-identity-center-team/), which you maintain and tailor to address your time-bound access requirements.