AWS Security ChangesHomeSearch

AWS IAM documentation change

Service: IAM · 2026-04-19 · Documentation medium

File: IAM/latest/UserGuide/access_policies_data-perimeters.md

Summary

Corrected a typo from 'appropriated' to 'appropriate' and updated the explanation of the aws:VpceOrgPaths condition key to clarify it applies to VPC endpoints owned by accounts in an OU, not IAM principals.

Security assessment

The change clarifies documentation for data perimeter controls, which are security features, by fixing a typo and correcting a potentially misleading description of a condition key. However, there is no concrete evidence of a specific security vulnerability being addressed; it improves accuracy to prevent misconfiguration.

Diff

diff --git a/IAM/latest/UserGuide/access_policies_data-perimeters.md b/IAM/latest/UserGuide/access_policies_data-perimeters.md
index 1dfb2f4c4..1823ceb5e 100644
--- a//IAM/latest/UserGuide/access_policies_data-perimeters.md
+++ b//IAM/latest/UserGuide/access_policies_data-perimeters.md
@@ -28 +28 @@ In some cases, you may need to extend your data perimeter to also include access
-Data perimeter controls should be treated as any other security control within the information security and risk management program. This means that you should perform a threat analysis to identify potential risks within your cloud environment, and then, based on your own risk acceptance criteria, select and implement appropriated data perimeter controls. To better inform the iterative risk-based approach to data perimeter implementation, you need to understand what security risks and threat vectors are addressed by data perimeter controls as well as your security priorities.
+Data perimeter controls should be treated as any other security control within the information security and risk management program. This means that you should perform a threat analysis to identify potential risks within your cloud environment, and then, based on your own risk acceptance criteria, select and implement appropriate data perimeter controls. To better inform the iterative risk-based approach to data perimeter implementation, you need to understand what security risks and threat vectors are addressed by data perimeter controls as well as your security priorities.
@@ -120 +120 @@ You can use the following condition keys to define networks your employees and a
-  * [aws:VpceOrgPaths](./reference_policies_condition-keys.html#condition-keys-vpceorgpaths) – You can use this condition key to ensure that IAM principals making the request belong to the specified organizational unit (OU) in AWS Organizations.
+  * [aws:VpceOrgPaths](./reference_policies_condition-keys.html#condition-keys-vpceorgpaths) – You can use this condition key to ensure that requests come through VPC endpoints owned by accounts that belong to the specified organizational unit (OU) in AWS Organizations.