[Documentation] Security page recommends using IAM Users, which conflicts with current IAM recommendations #4089
Comments
Thanks @jmsgwd for pointing this out. I agree that the wording in that documentation needs an update regarding the current IAM recommendations. I'll bring this issue up for discussion with the team and we should be able to get a PR up next week to address this.
Pinged @shepazon for feedback on this. I think the Boto3 security documentation page (corresponding file here) should include a link to the IAM best practices and generally defer to the IAM docs as they evolve.
Created PR linked above (#4100) that is pending team review.
Describe the issue
The security page in the documentation currently says:
This is somewhat out-of-date and conflicts with the latest IAM best practices, which recommend using federated authentication with MFA (for human identities) and IAM roles with temporary credentials (for machine identities). Machine identities running outside AWS are a bit less straightforward, but even then there are options to avoid the use of IAM Users with long-term credentials - e.g. IAM Roles Anywhere allows use of X.509 client certificates to obtain temporary IAM credentials.
Links
https://boto3.amazonaws.com/v1/documentation/api/latest/guide/security.html
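
As an added illustration of the distinction this issue draws (not code from the Boto3 project or from the issue author), the following sketch audits text in the `~/.aws/config` format and flags profiles that depend on long-term IAM user keys, including role profiles whose `source_profile` is one. The sample config, profile names, helper path and finding labels are constructed for the example.

```python
import configparser

# Constructed sample in ~/.aws/config format; every value is a placeholder.
SAMPLE_CONFIG = """\
[profile legacy-user]
aws_access_key_id = AKIAEXAMPLEEXAMPLE00
[profile pasted-session]
aws_access_key_id = ASIAEXAMPLEEXAMPLE00
aws_session_token = constructed-placeholder
[profile deploy-role]
role_arn = arn:aws:iam::111122223333:role/ExampleDeploy
source_profile = legacy-user
[profile on-prem]
credential_process = /opt/example/credential-helper
"""

RUNTIME_KEYS = ("role_arn", "credential_process", "sso_start_url", "sso_session")

def classify(section):
    """Classify one profile by how it obtains credentials."""
    key = section.get("aws_access_key_id", "")
    if key:
        # AKIA prefixes long-term IAM user keys; ASIA prefixes temporary STS keys.
        if key.startswith("ASIA") or "aws_session_token" in section:
            return "temporary"
        return "long-term"
    if any(k in section for k in RUNTIME_KEYS):
        return "runtime"  # credentials are fetched when the SDK needs them
    return "none"

def audit(text):
    """Return {profile: finding}, following source_profile back to its root."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    profiles = {s.removeprefix("profile ").strip(): cp[s] for s in cp.sections()}
    findings = {}
    for name in profiles:
        kind, cur, seen = classify(profiles[name]), name, set()
        # A role profile is only as good as the credentials used to assume it.
        while cur in profiles and cur not in seen:
            seen.add(cur)
            if cur != name and classify(profiles[cur]) == "long-term":
                kind = "runtime-from-long-term"
            cur = profiles[cur].get("source_profile", "")
        findings[name] = kind
    return findings
```

Profiles reported as `long-term` or `runtime-from-long-term` are the ones still backed by an IAM user access key.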