AWS singlesignon documentation change
Summary
Added concrete example of primary Region disruption (AWS access portal unavailability) and updated emergency access documentation link format.
Security assessment
Changes provide clearer failure scenario examples and link formatting improvements. References to break-glass access and emergency procedures are reiterations of existing security recommendations, not new security documentation.
Diff
diff --git a/singlesignon/latest/userguide/multi-region-failover.md b/singlesignon/latest/userguide/multi-region-failover.md index 55091bfd3..e6b0f96e4 100644 --- a//singlesignon/latest/userguide/multi-region-failover.md +++ b//singlesignon/latest/userguide/multi-region-failover.md @@ -11 +11 @@ The topic of AWS account access through IAM Identity Center is covered extensive -If your IAM Identity Center instance is experiencing a disruption in the primary Region, your workforce can switch to an additional Region to continue accessing AWS accounts and unaffected applications. The section [Workforce access through an additional Region](./multi-region-workforce-access.html) explains how to access the AWS access portal in an additional Region. +If your IAM Identity Center instance experiences a disruption in the primary Region (for example, the AWS access portal in the primary Region is unavailable), your workforce can switch to an additional Region to continue accessing AWS accounts and unaffected applications. For more information, see [Workforce access through an additional Region](./multi-region-workforce-access.html). @@ -19 +19 @@ Similarly, we recommend that AWS CLI users create [AWS CLI profiles](https://doc -Continuity of access to AWS accounts also depends on the health of your external IdP and permissions such as permission set assignments and group memberships being provisioned and replicated before a service disruption. We recommend your organization also set up [AWS break-glass access](https://docs.aws.amazon.com/wellarchitected/latest/devops-guidance/ag.sad.5-implement-break-glass-procedures.html) to maintain AWS access to a small group of privileged users when the external IdP has a service disruption. [Set up emergency access to the AWS Management Console](./emergency-access.html) is a similar option that avoids using IAM users, but it too depends on the external IdP. +Continuity of access to AWS accounts also depends on the health of your external IdP and permissions such as permission set assignments and group memberships being provisioned and replicated before a service disruption. We recommend your organization also set up [AWS break-glass access](https://docs.aws.amazon.com/wellarchitected/latest/devops-guidance/ag.sad.5-implement-break-glass-procedures.html) to maintain AWS access to a small group of privileged users when the external IdP has a service disruption. [Emergency access](./emergency-access.html) is a similar option that avoids using IAM users, but it too depends on the external IdP.