AWS Security ChangesHomeSearch

AWS directoryservice documentation change

Service: directoryservice · 2025-11-22 · Documentation low

File: directoryservice/latest/admin-guide/IAM_Auth_Access_IdentityBased.md

Summary

Updated documentation to replace 'AWS Directory Service' with 'Directory Service' throughout the document for consistency

Security assessment

The changes are purely branding/terminology updates from 'AWS Directory Service' to 'Directory Service'. No security-related content was added, removed, or modified. The updates maintain existing security documentation about IAM policies but do not introduce new security features or address vulnerabilities.

Diff

diff --git a/directoryservice/latest/admin-guide/IAM_Auth_Access_IdentityBased.md b/directoryservice/latest/admin-guide/IAM_Auth_Access_IdentityBased.md
index de87ce0c1..3c6416059 100644
--- a//directoryservice/latest/admin-guide/IAM_Auth_Access_IdentityBased.md
+++ b//directoryservice/latest/admin-guide/IAM_Auth_Access_IdentityBased.md
@@ -5 +5 @@
-Permissions required to use the AWS Directory Service consoleAWS managed (predefined) policies for AWS Directory ServiceCustomer managed policy examplesUsing tags with IAM policies
+Permissions required to use the Directory Service consoleAWS managed (predefined) policies for Directory ServiceCustomer managed policy examplesUsing tags with IAM policies
@@ -7 +7 @@ Permissions required to use the AWS Directory Service consoleAWS managed (predef
-# Using identity-based policies (IAM policies) for AWS Directory Service
+# Using identity-based policies (IAM policies) for Directory Service
@@ -9 +9 @@ Permissions required to use the AWS Directory Service consoleAWS managed (predef
-This topic provides examples of identity-based policies in which an account administrator can attach permissions policies to IAM identities (users, groups, and roles). These examples demonstrate IAM policies in AWS Directory Service. You should modify and create your own policies to suit your needs and environment.
+This topic provides examples of identity-based policies in which an account administrator can attach permissions policies to IAM identities (users, groups, and roles). These examples demonstrate IAM policies in Directory Service. You should modify and create your own policies to suit your needs and environment.
@@ -13 +13 @@ This topic provides examples of identity-based policies in which an account admi
-We recommend that you first review the introductory topics that explain the basic concepts and options available for you to manage access to your AWS Directory Service resources. For more information, see [Overview of managing access permissions to your AWS Directory Service resources](./IAM_Auth_Access_Overview.html).
+We recommend that you first review the introductory topics that explain the basic concepts and options available for you to manage access to your Directory Service resources. For more information, see [Overview of managing access permissions to your Directory Service resources](./IAM_Auth_Access_Overview.html).
@@ -17 +17 @@ The sections in this topic cover the following:
-  * Permissions required to use the AWS Directory Service console
+  * Permissions required to use the Directory Service console
@@ -19 +19 @@ The sections in this topic cover the following:
-  * AWS managed (predefined) policies for AWS Directory Service
+  * AWS managed (predefined) policies for Directory Service
@@ -86 +86 @@ The three statements in the policy grant permissions as follows:
-  * The first statement grants permission to create an AWS Directory Service directory. Because AWS Directory Service doesn't support permissions at the resource level, the policy specifies a wildcard character (*) as the `Resource` value. 
+  * The first statement grants permission to create an Directory Service directory. Because Directory Service doesn't support permissions at the resource level, the policy specifies a wildcard character (*) as the `Resource` value. 
@@ -88 +88 @@ The three statements in the policy grant permissions as follows:
-  * The second statement grants permissions to access IAM actions, so that AWS Directory Service can read and create IAM roles on your behalf. The wildcard character (*) at the end of the `Resource` value means that the statement allows permission for the IAM actions on any IAM role. To limit this permission to a specific role, replace the wildcard character (*) in the resource ARN with the specific role name. For more information, see [IAM Actions](https://docs.aws.amazon.com/IAM/latest/APIReference/API_Operations.html). 
+  * The second statement grants permissions to access IAM actions, so that Directory Service can read and create IAM roles on your behalf. The wildcard character (*) at the end of the `Resource` value means that the statement allows permission for the IAM actions on any IAM role. To limit this permission to a specific role, replace the wildcard character (*) in the resource ARN with the specific role name. For more information, see [IAM Actions](https://docs.aws.amazon.com/IAM/latest/APIReference/API_Operations.html). 
@@ -90 +90 @@ The three statements in the policy grant permissions as follows:
-  * The third statement grants permissions to a specific set of resources in Amazon EC2 that are necessary to allow AWS Directory Service to create, configure, and destroy its directories. Replace the role ARN with your role. For more information, see [Amazon EC2 Actions](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Operations.html). 
+  * The third statement grants permissions to a specific set of resources in Amazon EC2 that are necessary to allow Directory Service to create, configure, and destroy its directories. Replace the role ARN with your role. For more information, see [Amazon EC2 Actions](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Operations.html). 
@@ -97 +97 @@ You don't see a `Principal` element in the policy, because in an identity-based
-For a table showing all of the AWS Directory Service API actions and the resources that they apply to, see [AWS Directory Service API permissions: Actions, resources, and conditions reference](./UsingWithDS_IAM_ResourcePermissions.html). 
+For a table showing all of the Directory Service API actions and the resources that they apply to, see [Directory Service API permissions: Actions, resources, and conditions reference](./UsingWithDS_IAM_ResourcePermissions.html). 
@@ -99 +99 @@ For a table showing all of the AWS Directory Service API actions and the resourc
-## Permissions required to use the AWS Directory Service console
+## Permissions required to use the Directory Service console
@@ -101 +101 @@ For a table showing all of the AWS Directory Service API actions and the resourc
-For a user to work with the AWS Directory Service console, that user must have permissions listed in the preceding policy or the permissions granted by the Directory Service Full Access Role or Directory Service Read Only role, described in AWS managed (predefined) policies for AWS Directory Service.
+For a user to work with the Directory Service console, that user must have permissions listed in the preceding policy or the permissions granted by the Directory Service Full Access Role or Directory Service Read Only role, described in AWS managed (predefined) policies for Directory Service.
@@ -105 +105 @@ If you create an IAM policy that is more restrictive than the minimum required p
-## AWS managed (predefined) policies for AWS Directory Service
+## AWS managed (predefined) policies for Directory Service
@@ -111 +111 @@ AWS addresses many common use cases by providing predefined, or managed, IAM pol
-In this section, you can find example user policies that grant permissions for various AWS Directory Service actions. 
+In this section, you can find example user policies that grant permissions for various Directory Service actions. 
@@ -119 +119 @@ All examples use the US West (Oregon) Region (`us-west-2`) and contain fictitiou
-  * Example 1: Allow a user to perform any Describe action on any AWS Directory Service resource
+  * Example 1: Allow a user to perform any Describe action on any Directory Service resource
@@ -126 +126 @@ All examples use the US West (Oregon) Region (`us-west-2`) and contain fictitiou
-### Example 1: Allow a user to perform any Describe action on any AWS Directory Service resource
+### Example 1: Allow a user to perform any Describe action on any Directory Service resource
@@ -128 +128 @@ All examples use the US West (Oregon) Region (`us-west-2`) and contain fictitiou
-The following permissions policy grants permissions to a user to run all of the actions that begin with `Describe` in an AWS Managed Microsoft AD with the directory ID `d-1234567890` in the AWS account `111122223333`. These actions show information about an AWS Directory Service resource, such as a directory or snapshot. Make sure to change the AWS Region and account number to the region you want to use and your account number.
+The following permissions policy grants permissions to a user to run all of the actions that begin with `Describe` in an AWS Managed Microsoft AD with the directory ID `d-1234567890` in the AWS account `111122223333`. These actions show information about an Directory Service resource, such as a directory or snapshot. Make sure to change the AWS Region and account number to the region you want to use and your account number.
@@ -196 +196 @@ JSON
-You can apply tag-based resource-level permissions in the IAM policies you use for most AWS Directory Service API actions. This gives you better control over what resources a user can create, modify, or use. You use the `Condition` element (also called the `Condition` block) with the following condition context keys and values in an IAM policy to control user access (permissions) based on a resource's tags:
+You can apply tag-based resource-level permissions in the IAM policies you use for most Directory Service API actions. This gives you better control over what resources a user can create, modify, or use. You use the `Condition` element (also called the `Condition` block) with the following condition context keys and values in an IAM policy to control user access (permissions) based on a resource's tags:
@@ -209 +209 @@ You can apply tag-based resource-level permissions in the IAM policies you use f
-The condition context keys and values in an IAM policy apply only to those AWS Directory Service actions where an identifier for a resource capable of being tagged is a required parameter. 
+The condition context keys and values in an IAM policy apply only to those Directory Service actions where an identifier for a resource capable of being tagged is a required parameter. 
@@ -213 +213 @@ The condition context keys and values in an IAM policy apply only to those AWS D
-The following tag policy allows creating an AWS Directory Service directory as long as the following tags are used:
+The following tag policy allows creating an Directory Service directory as long as the following tags are used:
@@ -252 +252 @@ JSON
-The following tag policy allows updating and deleting AWS Directory Service directories as long as the following tags are used:
+The following tag policy allows updating and deleting Directory Service directories as long as the following tags are used:
@@ -292 +292 @@ JSON
-The following tag policy denies resource tagging for AWS Directory Service where the resource has one of the following tags:
+The following tag policy denies resource tagging for Directory Service where the resource has one of the following tags:
@@ -331 +331 @@ For more information about ARNs, see [Amazon Resource Names (ARNs) and AWS Servi
-The following list of AWS Directory Service API operations support tag-based resource-level permissions:
+The following list of Directory Service API operations support tag-based resource-level permissions:
@@ -432 +432 @@ AWS managed policies
-AWS Directory Service API permissions reference
+Directory Service API permissions reference