AWS Security ChangesHomeSearch

AWS IAM documentation change

Service: IAM · 2026-03-07 · Documentation low

File: IAM/latest/UserGuide/id_credentials_getting-report.md

Summary

Updated credential report documentation to exclude CloudWatch Logs API keys

Security assessment

Routine documentation update about report scope without security implications

Diff

diff --git a/IAM/latest/UserGuide/id_credentials_getting-report.md b/IAM/latest/UserGuide/id_credentials_getting-report.md
index 9cafa57a4..bc2ea2eb8 100644
--- a//IAM/latest/UserGuide/id_credentials_getting-report.md
+++ b//IAM/latest/UserGuide/id_credentials_getting-report.md
@@ -13 +13 @@ You can generate and download a _credential report_ that lists all users in your
-The IAM credential report only includes the following IAM-managed credentials: passwords, the first two access keys per user, MFA devices, and X.509 signing certificates. The report does not include service-specific credentials (such as CodeCommit passwords or Amazon Bedrock long-term API keys) or any other user access keys beyond the first two. For complete credential visibility, use the [ListServiceSpecificCredentials](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListServiceSpecificCredentials.html) and [ListAccessKeys](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAccessKeys.html) APIs.
+The IAM credential report only includes the following IAM-managed credentials: passwords, the first two access keys per user, MFA devices, and X.509 signing certificates. The report does not include service-specific credentials (such as CodeCommit passwords, Amazon Bedrock long-term API keys, or Amazon CloudWatch Logs long-term API keys) or any other user access keys beyond the first two. For complete credential visibility, use the [ListServiceSpecificCredentials](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListServiceSpecificCredentials.html) and [ListAccessKeys](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAccessKeys.html) APIs.