AWS singlesignon documentation change
Summary
Added requirement for iam:UpdateAssumeRolePolicy permission when enabling ABAC on pre-December 2020 IAM Identity Center instances
Security assessment
Documents prerequisite for security feature (Attribute-Based Access Control) but lacks evidence of patching vulnerabilities. Prevents misconfiguration during ABAC enablement.
Diff
diff --git a/singlesignon/latest/userguide/enable-abac.md b/singlesignon/latest/userguide/enable-abac.md index f1fb3fe53..deaab92eb 100644 --- a//singlesignon/latest/userguide/enable-abac.md +++ b//singlesignon/latest/userguide/enable-abac.md @@ -12,0 +13,2 @@ If you have existing permission sets and you plan to enable ABAC in your IAM Ide +If your IAM Identity Center instance was created before December 2020 and you plan to enable ABAC in it, you must have the `iam:UpdateAssumeRolePolicy` policy associated with the IAM Identity Center administrative role, regardless of whether you have permission sets created in your account. +