AWS IAM documentation change
Summary
Fixed a typo: changed 'and ARN' to 'an ARN' in a sentence about trust policy constraints.
Security assessment
This is a minor grammatical correction. The change does not alter the security meaning of the documentation, which explains that wildcards cannot be used in ARNs within trust policy principals. No security vulnerability or new security feature is addressed.
Diff
diff --git a/IAM/latest/UserGuide/id_roles.md b/IAM/latest/UserGuide/id_roles.md index b9027e0b9..c368adeec 100644 --- a//IAM/latest/UserGuide/id_roles.md +++ b//IAM/latest/UserGuide/id_roles.md @@ -146 +146 @@ To delegate permission to access a resource, you [create an IAM role](./id_roles -When you create a trust policy, you cannot specify a wildcard (*) as part of and ARN in the principal element. The trust policy is attached to the role in the trusting account, and is one-half of the permissions. The other half is a permissions policy attached to the user in the trusted account that [allows that user to switch to, or assume the role](./id_roles_use_permissions-to-switch.html). A user who assumes a role temporarily gives up his or her own permissions and instead takes on the permissions of the role. When the user exits, or stops using the role, the original user permissions are restored. An additional parameter called [external ID](./id_roles_common-scenarios_third-party.html#id_roles_third-party_external-id) helps ensure secure use of roles between accounts that are not controlled by the same organization. +When you create a trust policy, you cannot specify a wildcard (*) as part of an ARN in the principal element. The trust policy is attached to the role in the trusting account, and is one-half of the permissions. The other half is a permissions policy attached to the user in the trusted account that [allows that user to switch to, or assume the role](./id_roles_use_permissions-to-switch.html). A user who assumes a role temporarily gives up his or her own permissions and instead takes on the permissions of the role. When the user exits, or stops using the role, the original user permissions are restored. An additional parameter called [external ID](./id_roles_common-scenarios_third-party.html#id_roles_third-party_external-id) helps ensure secure use of roles between accounts that are not controlled by the same organization.