AWS scheduler medium security documentation change
Summary
Removed standalone 'Create an IAM user' section and simplified AWS account sign-up instructions. Replaced detailed sign-up procedure with a link to AWS account management guide. Removed comparison table for admin user creation methods.
Security assessment
Removes security best practice guidance about avoiding root user access and creating emergency IAM users. Deletes recommendation for short-term credentials via IAM Identity Center, which weakens security posture documentation. Severity is medium due to removal of specific security guidance.
Diff
diff --git a/scheduler/latest/UserGuide/setting-up.md b/scheduler/latest/UserGuide/setting-up.md index 185756edb..8eaf88b05 100644 --- a//scheduler/latest/UserGuide/setting-up.md +++ b//scheduler/latest/UserGuide/setting-up.md @@ -7 +7 @@ -Sign up for AWSCreate an IAM userUse managed policiesSet up the execution roleSet up a targetWhat's next? +Sign up for AWSUse managed policiesSet up the execution roleSet up a targetWhat's next? @@ -17,2 +16,0 @@ Before you can use EventBridge Scheduler, you must complete the following steps. - * Create an IAM user - @@ -32,18 +30 @@ Before you can use EventBridge Scheduler, you must complete the following steps. -If you do not have an AWS account, complete the following steps to create one. - -###### To sign up for an AWS account - - 1. Open [https://portal.aws.amazon.com/billing/signup](https://portal.aws.amazon.com/billing/signup). - - 2. Follow the online instructions. - -Part of the sign-up procedure involves receiving a phone call or text message and entering a verification code on the phone keypad. - -When you sign up for an AWS account, an _AWS account root user_ is created. The root user has access to all AWS services and resources in the account. As a security best practice, assign administrative access to a user, and use only the root user to perform [tasks that require root user access](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html#root-user-tasks). - - - - -## Create an IAM user - -To create an administrator user, choose one of the following options. +### Sign up for an AWS account @@ -51,4 +32 @@ To create an administrator user, choose one of the following options. -Choose one way to manage your administrator | To | By | You can also ----|---|---|--- -In IAM Identity Center (Recommended) | Use short-term credentials to access AWS.This aligns with the security best practices. For information about best practices, see [Security best practices in IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#bp-users-federation-idp) in the _IAM User Guide_. | Following the instructions in [Getting started](https://docs.aws.amazon.com//singlesignon/latest/userguide/getting-started.html) in the _AWS IAM Identity Center User Guide_. | Configure programmatic access by [Configuring the AWS CLI to use AWS IAM Identity Center](https://docs.aws.amazon.com//cli/latest/userguide/cli-configure-sso.html) in the _AWS Command Line Interface User Guide_. -In IAM (Not recommended) | Use long-term credentials to access AWS. | Following the instructions in [ Create an IAM user for emergency access](https://docs.aws.amazon.com/IAM/latest/UserGuide/getting-started-emergency-iam-user.html) in the _IAM User Guide_. | Configure programmatic access by [Manage access keys for IAM users](https://docs.aws.amazon.com//IAM/latest/UserGuide/id_credentials_access-keys.html) in the _IAM User Guide_. +To get started with AWS, you need an AWS account. For information about creating an AWS account, see [Getting started with an AWS account](https://docs.aws.amazon.com//accounts/latest/reference/getting-started.html) in the _AWS Account Management Reference Guide_. @@ -58 +36 @@ In IAM (Not recommended) | Use long-term credentials to access AWS. | Following -In the previous step, you set up an IAM user with the credentials to access your AWS resources. In most cases, to use EventBridge Scheduler securely, we recommend that you create separate users, groups, or roles with only the necessary permissions to use EventBridge Scheduler. EventBridge Scheduler supports the following managed policies for common use cases. +After you set up your AWS account and administrative user, we recommend that you create separate users, groups, or roles with only the necessary permissions to use EventBridge Scheduler. EventBridge Scheduler supports the following managed policies for common use cases. @@ -67 +45 @@ In the previous step, you set up an IAM user with the credentials to access your -You can attach these managed policies to your IAM principals the same way you attached the `AdministratorAccess` policy in the previous step. For more information about managing access to EventBridge Scheduler using identity-based IAM policies, see [Using identity-based policies in EventBridge Scheduler](./security_iam_id-based-policy-examples.html). +You can attach these managed policies to your IAM principals. For more information about managing access to EventBridge Scheduler using identity-based IAM policies, see [Using identity-based policies in EventBridge Scheduler](./security_iam_id-based-policy-examples.html).