AWS clean-rooms documentation change
Summary
Removed section on creating administrator users including security best practices for credential management
Security assessment
Removal of security guidance about short-term credentials and IAM Identity Center reduces security documentation but doesn't address a specific vulnerability. The change appears to be content reorganization.
Diff
diff --git a/clean-rooms/latest/userguide/setting-up-roles.md b/clean-rooms/latest/userguide/setting-up-roles.md index 80a7b4b84..87e0802ba 100644 --- a//clean-rooms/latest/userguide/setting-up-roles.md +++ b//clean-rooms/latest/userguide/setting-up-roles.md @@ -7 +7 @@ -Create an administrator userCreate an IAM role for a collaboration memberCreate a service role to read data from Amazon S3Create a service role to read data from Amazon AthenaCreate a service role to read data from SnowflakeCreate a service role to read code from an S3 bucket (PySpark analysis template role)Create a service role to write results of a PySpark jobCreate a service role to receive results +Create an IAM role for a collaboration memberCreate a service role to read data from Amazon S3Create a service role to read data from Amazon AthenaCreate a service role to read data from SnowflakeCreate a service role to read code from an S3 bucket (PySpark analysis template role)Create a service role to write results of a PySpark jobCreate a service role to receive results @@ -15,2 +14,0 @@ The following sections describe the roles needed to perform each task. - * Create an administrator user - @@ -34,11 +31,0 @@ The following sections describe the roles needed to perform each task. -## Create an administrator user - -To use AWS Clean Rooms, you need to create an administrator user for yourself and add the administrator user to an administrators group. - -To create an administrator user, choose one of the following options. - -Choose one way to manage your administrator | To | By | You can also ----|---|---|--- -In IAM Identity Center (Recommended) | Use short-term credentials to access AWS.This aligns with the security best practices. For information about best practices, see [Security best practices in IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#bp-users-federation-idp) in the _IAM User Guide_. | Following the instructions in [Getting started](https://docs.aws.amazon.com//singlesignon/latest/userguide/getting-started.html) in the _AWS IAM Identity Center User Guide_. | Configure programmatic access by [Configuring the AWS CLI to use AWS IAM Identity Center](https://docs.aws.amazon.com//cli/latest/userguide/cli-configure-sso.html) in the _AWS Command Line Interface User Guide_. -In IAM (Not recommended) | Use long-term credentials to access AWS. | Following the instructions in [ Create an IAM user for emergency access](https://docs.aws.amazon.com/IAM/latest/UserGuide/getting-started-emergency-iam-user.html) in the _IAM User Guide_. | Configure programmatic access by [Manage access keys for IAM users](https://docs.aws.amazon.com//IAM/latest/UserGuide/id_credentials_access-keys.html) in the _IAM User Guide_. - @@ -872 +859 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please -Sign up for AWS +Setting up AWS Clean Rooms