AWS Security ChangesHomeSearch

AWS claude-platform documentation change

Service: claude-platform · 2026-05-25 · Documentation low

File: claude-platform/latest/userguide/iam-actions.md

Summary

Clarified AssumeConsole action documentation regarding capability control through condition keys

Security assessment

Improves explanation of existing security controls (condition keys) but doesn't introduce new security features or address vulnerabilities. Refines documentation of IAM capability model without functional changes.

Diff

diff --git a/claude-platform/latest/userguide/iam-actions.md b/claude-platform/latest/userguide/iam-actions.md
index ed13dad07..6d2adcb5a 100644
--- a//claude-platform/latest/userguide/iam-actions.md
+++ b//claude-platform/latest/userguide/iam-actions.md
@@ -190 +190 @@ Action | Routes authorized
-`AssumeConsole` authorizes a principal to open the Claude Console for a Claude Platform on AWS workspace through the AWS Console federation flow. It does not map to a route. Grant it to principals who should be able to click **Open Claude Console** on the Claude Platform on AWS service page in the AWS Console. The console capability (developer or admin) is controlled by the `aws-external-anthropic:Capability` condition key on the `AssumeConsole` action; see [IAM policies](./iam-policies.html) for details on the capability model and [Using the Claude Console](./console.html) for the sign-in flow.
+`AssumeConsole` authorizes a principal to open the Claude Console for a Claude Platform on AWS workspace through the AWS Console federation flow. It does not map to a route. Grant it to principals who should be able to click **Open Claude Console** on the Claude Platform on AWS service page in the AWS Console. The `aws-external-anthropic:Capability` condition key on the `AssumeConsole` action controls which console capability (developer or admin) a principal can request. See [IAM policies](./iam-policies.html) for details and [Using the Claude Console](./console.html) for the sign-in flow.