AWS IAM documentation change
Summary
Added hyperlinks to documentation for various IAM condition keys in policy examples
Security assessment
The changes add references to security-related condition keys documentation but do not indicate a security vulnerability fix. The modifications improve documentation clarity for existing security controls (audience restrictions, token lifetimes, cryptographic algorithms, and tag enforcement) but don't introduce new security features or address specific vulnerabilities.
Diff
diff --git a/IAM/latest/UserGuide/id_roles_providers_outbound_policies.md b/IAM/latest/UserGuide/id_roles_providers_outbound_policies.md index e35b4088e..6b57f5bd7 100644 --- a//IAM/latest/UserGuide/id_roles_providers_outbound_policies.md +++ b//IAM/latest/UserGuide/id_roles_providers_outbound_policies.md @@ -13 +13 @@ To request identity tokens, an IAM principal must have the `sts:GetWebIdentityTo - * Use the `sts:IdentityTokenAudience` condition key to limit which external services can receive tokens. + * Use the [sts:IdentityTokenAudience](./reference_policies_iam-condition-keys.html#ck_identitytokenaudience) condition key to limit which external services can receive tokens. @@ -15 +15 @@ To request identity tokens, an IAM principal must have the `sts:GetWebIdentityTo - * Use the `sts:DurationSeconds` condition key to enforce maximum token lifetimes. + * Use the [sts:DurationSeconds](./reference_policies_iam-condition-keys.html#ck_durationseconds) condition key to enforce maximum token lifetimes. @@ -17 +17 @@ To request identity tokens, an IAM principal must have the `sts:GetWebIdentityTo - * Use the `sts:SigningAlgorithm` condition key to require specific cryptographic algorithms. + * Use the [sts:SigningAlgorithm](./reference_policies_iam-condition-keys.html#ck_signingalgorithm) condition key to require specific cryptographic algorithms. @@ -19 +19 @@ To request identity tokens, an IAM principal must have the `sts:GetWebIdentityTo - * Use the `aws:RequestTag` condition key compare the tag key-value pair that was passed in the request with the tag pair that you specify in the policy. + * Use the [aws:RequestTag](./reference_policies_condition-keys.html#condition-keys-requesttag) condition key compare the tag key-value pair that was passed in the request with the tag pair that you specify in the policy. @@ -21 +21 @@ To request identity tokens, an IAM principal must have the `sts:GetWebIdentityTo - * Use the `aws:TagKeys` condition key to compare the tag keys in a request with the keys that you specify in the policy. + * Use the [aws:TagKeys](./reference_policies_condition-keys.html#condition-keys-tagkeys) condition key to compare the tag keys in a request with the keys that you specify in the policy.