AWS IAM documentation change
Summary
Updated credential report documentation to exclude CloudWatch Logs API keys
Security assessment
Routine documentation update about report scope without security implications
Diff
diff --git a/IAM/latest/UserGuide/id_credentials_getting-report.md b/IAM/latest/UserGuide/id_credentials_getting-report.md index 9cafa57a4..bc2ea2eb8 100644 --- a//IAM/latest/UserGuide/id_credentials_getting-report.md +++ b//IAM/latest/UserGuide/id_credentials_getting-report.md @@ -13 +13 @@ You can generate and download a _credential report_ that lists all users in your -The IAM credential report only includes the following IAM-managed credentials: passwords, the first two access keys per user, MFA devices, and X.509 signing certificates. The report does not include service-specific credentials (such as CodeCommit passwords or Amazon Bedrock long-term API keys) or any other user access keys beyond the first two. For complete credential visibility, use the [ListServiceSpecificCredentials](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListServiceSpecificCredentials.html) and [ListAccessKeys](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAccessKeys.html) APIs. +The IAM credential report only includes the following IAM-managed credentials: passwords, the first two access keys per user, MFA devices, and X.509 signing certificates. The report does not include service-specific credentials (such as CodeCommit passwords, Amazon Bedrock long-term API keys, or Amazon CloudWatch Logs long-term API keys) or any other user access keys beyond the first two. For complete credential visibility, use the [ListServiceSpecificCredentials](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListServiceSpecificCredentials.html) and [ListAccessKeys](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAccessKeys.html) APIs.