AWS lambda documentation change
Summary
Expanded IAM policy resource ARN to include both object and bucket level permissions
Security assessment
The change broadens IAM resource specification but doesn't address a specific security vulnerability or weakness. It appears to ensure policy completeness rather than fix a security issue.
Diff
diff --git a/lambda/latest/dg/with-kafka-on-failure.md index 4418c06c3..e5034a687 100644 --- a/lambda/latest/dg/with-kafka-on-failure.md +++ b/lambda/latest/dg/with-kafka-on-failure.md @@ -105 +105,4 @@ The following example shows an IAM policy that limits your function's `s3:PutObj - "Resource": "arn:aws:s3:::*/*", + "Resource": [ + "arn:aws:s3:::*/*", + "arn:aws:s3:::*" + ],