AWS security-ir documentation change
Summary
Updated formatting of condition keys with backticks and changed reference from 'IAM User Guide' to 'AWS Identity and Access Management User Guide'
Security assessment
This change is purely cosmetic/documentation formatting with no security implications. It updates markdown formatting and document references without addressing any security vulnerabilities or adding new security guidance.
Diff
diff --git a/security-ir/latest/userguide/access-control-lists-acls-in-aws-security-incident-response.md b/security-ir/latest/userguide/access-control-lists-acls-in-aws-security-incident-response.md index fe27fda18..1c5387b6c 100644 --- a//security-ir/latest/userguide/access-control-lists-acls-in-aws-security-incident-response.md +++ b//security-ir/latest/userguide/access-control-lists-acls-in-aws-security-incident-response.md @@ -19 +19 @@ Attribute-based access control (ABAC) is an authorization strategy that defines -To control access based on tags, you provide tag information in the [condition element](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html) of a policy using the AWS:ResourceTag/key-name, AWS:RequestTag/key-name, or AWS:TagKeys condition keys. If a service supports all three condition keys for every resource type, then the value is **Yes** for the service. If a service supports all three condition keys for only some resource types, then the value is **Partial**. For more information about ABAC, see [What is ABAC?](https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction_attribute-based-access-control.html) in the _IAM User Guide_. To view a tutorial with steps for setting up ABAC, see [Use attribute-based access control (ABAC)](https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html) in the _IAM User Guide_. +To control access based on tags, you provide tag information in the [condition element](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html) of a policy using the `AWS:ResourceTag/key-name`, `AWS:RequestTag/key-name`, or `AWS:TagKeys` condition keys. If a service supports all three condition keys for every resource type, then the value is **Yes** for the service. If a service supports all three condition keys for only some resource types, then the value is **Partial**. For more information about ABAC, see [What is ABAC?](https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction_attribute-based-access-control.html) in the _IAM User Guide_. To view a tutorial with steps for setting up ABAC, see [Use attribute-based access control (ABAC)](https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html) in the _AWS Identity and Access Management User Guide_. @@ -25 +25 @@ To control access based on tags, you provide tag information in the [condition e -AWS services don't work when you sign in using temporary credentials. For additional information, including which AWS services work with temporary credentials, see [AWS services that work with IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html) in the _IAM User Guide_. You are using temporary credentials if you sign in to the AWS Management Console using any method except a user name and password. For example, when you access AWS using your company's single sign-on (SSO) link, that process automatically creates temporary credentials. You also automatically create temporary credentials when you sign in to the console as a user and then switch roles. For more information about switching roles, see [Switching to a role (console)](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-console.html) in the _IAM User Guide_. +AWS services don't work when you sign in using temporary credentials. For additional information, including which AWS services work with temporary credentials, see [AWS services that work with IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html) in the _AWS Identity and Access Management User Guide_. You are using temporary credentials if you sign in to the AWS Management Console using any method except a user name and password. For example, when you access AWS using your company's single sign-on (SSO) link, that process automatically creates temporary credentials. You also automatically create temporary credentials when you sign in to the console as a user and then switch roles. For more information about switching roles, see [Switching to a role (console)](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-console.html) in the _IAM User Guide_.