AWS IAM Release Notes Document history for the AWS IAM User Guide.
- AccessAnalyzerServiceRolePolicy – Added permissionson March 31, 2025 at 7:00 pm
IAM Access Analyzer added Amazon S3 directory bucket access points to the service-level permissions of AccessAnalyzerServiceRolePolicy.
- IAMDeleteRootUserCredentials – Removed permissionson January 7, 2025 at 7:00 pm
IAM removed the iam:DeleteVirtualMFADevice permission from the managed policy.
- AccessAnalyzerServiceRolePolicy – Added permissionson December 10, 2024 at 7:00 pm
IAM Access Analyzer added support for permission to retrieve information about Amazon ECR account settings and registry policies to the service-level permissions of AccessAnalyzerServiceRolePolicy.
- AWS managed policy update – New policieson November 14, 2024 at 7:00 pm
IAM added two new policies to scope permissions for privileged root user sessions that you can initiate after you centralize root user access for member accounts in your organization.
- Centrally manage root access for member accountson November 14, 2024 at 7:00 pm
You can now manage privileged root user credentials across member accounts in AWS Organizations with centralized root access. Centrally secure the root user credentials of your AWS accounts managed using AWS Organizations to remove and prevent root user credential recovery and access at scale.
- IAM Access Analyzer added access configurationon November 14, 2024 at 7:00 pm
IAM Access Analyzer added support to configure analyzers to change the scope of which AWS accounts, IAM users, and roles generate findings.
- Support for AWS Organizations resource control policies (RCPs)on November 13, 2024 at 7:00 pm
Use an AWS Organizations resource control policy (RCP) to define the maximum permissions for resources within accounts in your organization or organizational unit (OU). RCPs limit permissions that identity-based and resource-based policies can grant to resources in accounts within your organization.
- AccessAnalyzerServiceRolePolicy – Added permissionson October 29, 2024 at 7:00 pm
IAM Access Analyzer added support for permission to retrieve information about IAM user and role tags to the service-level permissions of AccessAnalyzerServiceRolePolicy.
- AccessAnalyzerServiceRolePolicy – Added permissionson May 30, 2024 at 7:00 pm
IAM Access Analyzer added support for permission to retrieve information about IAM user and role policies to the service-level permissions of AccessAnalyzerServiceRolePolicy.
- Encryption support for SAML identity providerson February 4, 2024 at 7:00 pm
IAM SAML providers now support encrypted assertions in the SAML response from your external IdP. To understand how encryption works with IAM SAML federation, see Using SAML-based federation for API access.
- AccessAnalyzerServiceRolePolicy – Added permissionson January 23, 2024 at 7:00 pm
IAM Access Analyzer added support for permission to retrieve the current state of the block public access for Amazon EC2 snapshots to the service-level permissions of AccessAnalyzerServiceRolePolicy.
- AccessAnalyzerServiceRolePolicy – Added permissionson January 11, 2024 at 7:00 pm
IAM Access Analyzer added DynamoDB streams and tables to the service-level permissions of AccessAnalyzerServiceRolePolicy.
- AccessAnalyzerServiceRolePolicy – Added permissionson December 1, 2023 at 7:00 pm
IAM Access Analyzer added Amazon S3 directory buckets to the service-level permissions of AccessAnalyzerServiceRolePolicy.
- AccessAnalyzerServiceRolePolicy – Added permissionson November 26, 2023 at 7:00 pm
IAM Access Analyzer added IAM actions to the service-level permissions of AccessAnalyzerServiceRolePolicy to support the following actions:
- IAM Access Analyzer added custom policy checkson November 26, 2023 at 7:00 pm
IAM Access Analyzer now provides custom policy checks to validate that IAM policies adhere to your security standards ahead of deployments.
- IAM Access Analyzer added unused access analyzerson November 26, 2023 at 7:00 pm
IAM Access Analyzer simplifies inspecting unused access to guide you toward least privilege. IAM Access Analyzer continuously analyzes your accounts to identify unused access and creates a centralized dashboard with findings.
- IAMAccessAnalyzerReadOnlyAccess – Added permissionson November 26, 2023 at 7:00 pm
IAM Access Analyzer added permissions to IAMAccessAnalyzerReadOnlyAccess to allow you to check whether updates to your policies grant additional access.
- Action last accessed information and policy generation support for over 60
additional services and actionson November 1, 2023 at 7:00 pm
IAM now supports action last accessed information and generates policies with action-level information for over 60 additional services, along with a list of the actions for which action last accessed information is available.
- Action last accessed information support for over 140 serviceson September 14, 2023 at 7:00 pm
IAM now provides action last accessed information for more than 140 services, along with a list of the actions for which action last accessed information is available.
- Support for multiple multi-factor authentication (MFA) devices for root users and
IAM userson November 16, 2022 at 7:00 pm
Now you can to add up to eight MFA devices per user, including FIDO security keys, software time-based one-time password (TOTP) with virtual authenticator applications, or hardware TOTP tokens.
- IAM Access Analyzer support for new resource typeson October 25, 2022 at 7:00 pm
IAM Access Analyzer added support for the following resource types:
- U2F deprecation and WebAuthn/FIDO updateon May 31, 2022 at 7:00 pm
Removed mentions of U2F as an MFA option and added information about WebAuthn, FIDO2, and FIDO security keys.
- Updates to resilience in IAMon May 16, 2022 at 7:00 pm
Added information about maintaining access to IAM credentials when an event disrupts communication between AWS Regions.
- New global condition keys for resourceson April 27, 2022 at 7:00 pm
You can now control access to resources based on the account, Organizational Unit (OU), or organization in AWS Organizations that contains your resources. You can use the aws:ResourceAccount, aws:ResourceOrgID, and aws:ResourceOrgPaths global condition keys in an IAM policy.
- Code examples for IAM using AWS SDKson April 7, 2022 at 7:00 pm
Added code examples that show how to use IAM with an AWS software development kit (SDK). The examples are divided into code excerpts that show you how to call individual service functions and examples that show you how to accomplish a specific task by calling multiple functions within the same service.
- Updates to policy evaluation logic flow charton November 17, 2021 at 7:00 pm
Updates to the policy evaluation logic flow chart and related text in the Determining whether a request is allowed or denied within an account section.
- Updates to policy evaluation logic topic for resource-based policieson October 5, 2021 at 7:00 pm
Added information about the impact of resource-based policies and different principal types in the same account.
- Updates to security best practiceson October 5, 2021 at 7:00 pm
Added information about creating administrative users instead of using root user credentials, removed the best practice of using IAM groups to assign permissions to IAM users, and clarified when to use managed policies instead of inline policies.
- Updates to single-valued and multivalued condition keyson September 30, 2021 at 7:00 pm
The differences between single-valued and multivalued condition keys are now explained in more detail. The value type was added to each AWS global condition context key.
- AWS managed policy updates – Update to an existing policyon September 2, 2021 at 7:00 pm
IAM Access Analyzer updated an existing AWS managed policy.
- IAM Access Analyzer supports Amazon S3 Multi-Region Access Pointson September 2, 2021 at 7:00 pm
IAM Access Analyzer identifies Amazon S3 buckets that allow public and cross-account access, including those that use Amazon S3 Multi-Region Access Points.
