AWS iot-mi documentation change
Summary
Updated capitalization of 'Managed Integrations' throughout the document and clarified credential management responsibilities
Security assessment
Changes are capitalization corrections and minor wording improvements without altering security guidance. The document continues to emphasize that credentials are managed by the connector (not AWS) and advises against logging sensitive credentials, but no new security vulnerabilities or features are addressed.
Diff
diff --git a/iot-mi/latest/devguide/concepts-general-authorization-dev.md b/iot-mi/latest/devguide/concepts-general-authorization-dev.md index 659ae1d40..f04961b18 100644 --- a//iot-mi/latest/devguide/concepts-general-authorization-dev.md +++ b//iot-mi/latest/devguide/concepts-general-authorization-dev.md @@ -36 +36 @@ This section explains how to implement General Authorization support in your con -General Authorization is any non-OAuth authorization mechanism that allows your connector to authorize with third-party platforms using customer credentials. With General Authorization, Managed integrations delegates credential management to your connector, and a single set of credentials can control devices across multiple end users. +General Authorization is any non-OAuth authorization mechanism that allows your connector to authorize with third-party platforms using customer credentials. With General Authorization, Managed Integrations delegates credential management to your connector, and a single set of credentials can control devices across multiple end users. @@ -67 +67 @@ This approach ensures that managed integrations never handles long-term credenti -Managed integrations does not access or manage the credentials stored in the customer's AWS Secrets Manager. Your connector has full control over credential retrieval, parsing, and usage. +Managed Integrations does not access or manage the credentials stored in the customer's AWS Secrets Manager. Your connector has full control over credential retrieval, parsing, and usage. @@ -75 +75 @@ We recommend that you don't log sensitive credentials or tokens in any logs. If -When Managed integrations invokes your connector for a General Authorization account association, the request header contains a AWS Secrets Manager reference instead of an OAuth token. The request structure is consistent across all connector operations (`AWS.ActivateUser`, `AWS.DiscoverDevices`, `AWS.SendCommand`, and `AWS.DeactivateUser`). +When Managed Integrations invokes your connector for a General Authorization account association, the request header contains a AWS Secrets Manager reference instead of an OAuth token. The request structure is consistent across all connector operations (`AWS.ActivateUser`, `AWS.DiscoverDevices`, `AWS.SendCommand`, and `AWS.DeactivateUser`). @@ -143 +143 @@ When your connector receives a General Authorization request, follow this workfl -Your connector is responsible for all credential management, including token generation, refresh, and error handling. Managed integrations only provides the reference to the secret; it does not manage the credentials themselves. +Your connector is responsible for all credential management, including token generation, refresh, and error handling. Managed Integrations only provides the reference to the secret; it does not manage the credentials themselves.