AWS Security ChangesHomeSearch

AWS transform medium security documentation change

Service: transform · 2026-05-16 · Security-related medium

File: transform/latest/userguide/transform-user-management.md

Summary

Added new section on managing users with IAM-only access, including policy attachment requirements. Updated introduction to clarify different access models.

Security assessment

Explicitly documents IAM policy requirements (`transform:AccessTransformProfile` permission) for access control in IAM-only mode. Provides concrete instructions for granting/revoking access through IAM policies, which is security-critical configuration.

Diff

diff --git a/transform/latest/userguide/transform-user-management.md b/transform/latest/userguide/transform-user-management.md
index 76fce228a..3597f62e5 100644
--- a//transform/latest/userguide/transform-user-management.md
+++ b//transform/latest/userguide/transform-user-management.md
@@ -7 +7 @@
-Adding users in IAM Identity CenterAdding users to AWS Transform
+Adding users in IAM Identity CenterAdding users to AWS TransformManaging users with IAM-only access
@@ -11 +11 @@ Adding users in IAM Identity CenterAdding users to AWS Transform
-AWS Transform integrates with IAM Identity Center for user management. This section describes how to add users to IAM Identity Center and grant them access to AWS Transform.
+How you manage user access to AWS Transform depends on the access model you chose during setup. If you configured IAM Identity Center, you add users through IAM Identity Center. If you configured a third-party identity provider, you manage users in that provider. If you chose IAM-only access, user access is managed through IAM policies.
@@ -68,0 +69,15 @@ After adding users, they appear in the **Users** list with a status of "Pending"
+## Managing users with IAM-only access
+
+If you configured AWS Transform with IAM-only access, user access is managed through IAM policies. Any IAM principal with the `transform:AccessTransformProfile` permission on the profile resource can access AWS Transform.
+
+To grant a user or role access to AWS Transform:
+
+  1. Navigate to the IAM console.
+
+  2. Attach a policy that includes the `transform:AccessTransformProfile` action to the IAM user or role. For an example policy, see [Allow users to access AWS Transform with IAM credentials](./security_iam_id-based-policy-examples.html#id-based-policy-examples-access-transform-webapp).
+
+
+
+
+To revoke access, remove the policy from the IAM user or role.
+
@@ -75 +90 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please
-Setting up
+Using your own S3 bucket