AWS signin documentation change
Summary
Added documentation about resource-based policies and resource control policies for network-based console access restrictions.
Security assessment
This adds explanations for security features (network-based access controls) but doesn't resolve a vulnerability. It informs users about authentication workflows without evidence of patching a security flaw.
Diff
diff --git a/signin/latest/userguide/what-is-sign-in.md b/signin/latest/userguide/what-is-sign-in.md index fb2ae6e62..e8f23a28d 100644 --- a//signin/latest/userguide/what-is-sign-in.md +++ b//signin/latest/userguide/what-is-sign-in.md @@ -107,0 +108,2 @@ CloudTrail is automatically enabled on your AWS account and records events when +AWS Sign-In supports resource-based policies and resource control policies that enable you to restrict console access based on network location and principal identity. For root users, network location is validated before the password prompt appears. For all principal types, policies are evaluated at pre-authentication and post-authentication. For more information, see [Controlling console access with resource-based policies and resource control policies](./console-access-control.html). +