AWS Security ChangesHomeSearch

AWS singlesignon documentation change

Service: singlesignon · 2026-01-10 · Documentation low

File: singlesignon/latest/userguide/enable-abac.md

Summary

Added requirement for iam:UpdateAssumeRolePolicy permission when enabling ABAC on pre-December 2020 IAM Identity Center instances

Security assessment

Documents prerequisite for security feature (Attribute-Based Access Control) but lacks evidence of patching vulnerabilities. Prevents misconfiguration during ABAC enablement.

Diff

diff --git a/singlesignon/latest/userguide/enable-abac.md b/singlesignon/latest/userguide/enable-abac.md
index f1fb3fe53..deaab92eb 100644
--- a//singlesignon/latest/userguide/enable-abac.md
+++ b//singlesignon/latest/userguide/enable-abac.md
@@ -12,0 +13,2 @@ If you have existing permission sets and you plan to enable ABAC in your IAM Ide
+If your IAM Identity Center instance was created before December 2020 and you plan to enable ABAC in it, you must have the `iam:UpdateAssumeRolePolicy` policy associated with the IAM Identity Center administrative role, regardless of whether you have permission sets created in your account.
+