AWS Security ChangesHomeSearch

AWS lexv2 medium security documentation change

Service: lexv2 · 2025-11-16 · Security-related medium

File: lexv2/latest/dg/security_iam_troubleshoot.md

Summary

Replaced detailed programmatic access instructions with a consolidated reference to AWS credentials documentation, removing specific guidance about temporary credentials and IAM Identity Center integration.

Security assessment

The change removes explicit warnings about the security risks of long-term credentials ('Not recommended' note) and de-emphasizes temporary credential best practices. This could lead users to adopt less secure practices by focusing on access keys without proper context about their risks. The removal of security-conscious guidance constitutes a security-related documentation change.

Diff

diff --git a/lexv2/latest/dg/security_iam_troubleshoot.md b/lexv2/latest/dg/security_iam_troubleshoot.md
index dc5db1b31..3e210e90b 100644
--- a//lexv2/latest/dg/security_iam_troubleshoot.md
+++ b//lexv2/latest/dg/security_iam_troubleshoot.md
@@ -60,20 +60 @@ If you are not using IAM Identity Center, you must create IAM entities (users or
-Users need programmatic access if they want to interact with AWS outside of the AWS Management Console. The way to grant programmatic access depends on the type of user that's accessing AWS.
-
-To grant users programmatic access, choose one of the following options.
-
-Which user needs programmatic access? | To | By  
----|---|---  
-Workforce identity (Users managed in IAM Identity Center) | Use temporary credentials to sign programmatic requests to the AWS CLI, AWS SDKs, or AWS APIs. |  Following the instructions for the interface that you want to use.
-
-  * For the AWS CLI, see [Configuring the AWS CLI to use AWS IAM Identity Center](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html) in the _AWS Command Line Interface User Guide_.
-  * For AWS SDKs, tools, and AWS APIs, see [IAM Identity Center authentication](https://docs.aws.amazon.com/sdkref/latest/guide/access-sso.html) in the _AWS SDKs and Tools Reference Guide_.
-
-  
-IAM | Use temporary credentials to sign programmatic requests to the AWS CLI, AWS SDKs, or AWS APIs. | Following the instructions in [Using temporary credentials with AWS resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html) in the _IAM User Guide_.  
-IAM | (Not recommended)Use long-term credentials to sign programmatic requests to the AWS CLI, AWS SDKs, or AWS APIs. |  Following the instructions for the interface that you want to use.
-
-  * For the AWS CLI, see [Authenticating using IAM user credentials](https://docs.aws.amazon.com/cli/latest/userguide/cli-authentication-user.html) in the _AWS Command Line Interface User Guide_.
-  * For AWS SDKs and tools, see [Authenticate using long-term credentials](https://docs.aws.amazon.com/sdkref/latest/guide/access-iam-users.html) in the _AWS SDKs and Tools Reference Guide_.
-  * For AWS APIs, see [Managing access keys for IAM users](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html) in the _IAM User Guide_.
-
-  
+For information about how to get your access key ID and secret access key, see [Understanding and getting your AWS credentials](https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys) in the AWS General Reference.