[Documentation] Security page recommends using IAM Users, which conflicts with current IAM recommendations #4089
Labels
documentation
This is a problem with documentation.
feature-request
This issue requests a feature.
needs-review
p2
This is a standard priority issue
Comments
jmsgwd
added
documentation
tim-finnigan
added
the
investigating
|
Thanks @jmsgwd for pointing this out. I agree that the wording in that documentation needs an update regarding the current IAM recommendations. I'll bring this issue up for discussion with the team and we should be able to get a PR up next week to address this. |
tim-finnigan
added
feature-request
|
Pinged @shepazon for feedback on this. I think the Boto3 security documentation page (corresponding file here) should include a link to the IAM best practices and generally defer to the IAM docs as they evolve. |
|
Created PR linked above (#4100) that is pending team review. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the issue
The security page in the documentation currently says:
This is somewhat out-of-date and conflicts with the latest IAM best practices, which recommend using federated authentication with MFA (for human identities) and IAM roles with temporary credentials (for machine identities). Machine identities running outside AWS are a bit less straightforward, but even then there are options to avoid the use of IAM Users with long-term credentials - e.g. IAM Roles Anywhere allows use of X.509 client certificates to obtain temporary IAM credentials.
Links
https://boto3.amazonaws.com/v1/documentation/api/latest/guide/security.html
The text was updated successfully, but these errors were encountered: