AWS Security ChangesHomeSearch

AWS notifications documentation change

Service: notifications · 2025-03-02 · Documentation low

File: notifications/latest/userguide/resource-level-permissions.md

Summary

Added new examples for notification configuration permissions, including full CRUD access and email association permissions

Security assessment

The change adds new permission examples but does not address any specific security vulnerabilities or add new security-related documentation

Diff

diff --git a/notifications/latest/userguide/resource-level-permissions.md
index 336f7c71c..24487cf56 100644
--- a/notifications/latest/userguide/resource-level-permissions.md
+++ b/notifications/latest/userguide/resource-level-permissions.md
@@ -5 +5 @@
-Supported resource-level permissions for User Notifications API actions  Example 1: Administrator access  Example 2: ReadOnly access  Example 3: Deny a user the ability to update a notification configuration 
+Supported resource-level permissions for User Notifications API actions  Example 1: Full access  Example 2: ReadOnly access  Example 3: Deny a user the ability to update a notification configuration  Example 4: Allow users to create notification configurations and associate emails to them  Example 5: Allow users full create, read, update, and delete (CRUD) access. 
@@ -62 +62 @@ UntagResource |  `arn:aws:notifications-contacts::`accountId`:emailcontact/`emai
-##  Example 1: Administrator access 
+##  Example 1: Full access 
@@ -120,0 +121,45 @@ This policy denies a user the ability to update a notification configuration.
+##  Example 4: Allow users to create notification configurations and associate emails to them 
+
+This policy allows users to create notification configurations and associate emails to those configurations.
+    
+    
+    {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+           "iam:CreateServiceLinkedRole",
+           "notifications:RegisterNotificationHub",
+           "notifications:CreateNotificationConfiguration",
+           "notifications:CreateEventRule",
+           "notifications:AssociateChannel",
+           "notifications-contacts:CreateEmailContact",
+           "notifications-contacts:SendActivationCode",
+           "notifications-contacts:ActivateEmailContact"
+          ],
+          "Resource": "*"
+        }
+      ]
+    }
+
+##  Example 5: Allow users full create, read, update, and delete (CRUD) access. 
+
+This policy allows users full CRUD access.
+    
+    
+    {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+          "iam:CreateServiceLinkedRole",
+          "notifications:*",
+          "notifications-contacts:*"
+          ],
+          "Resource": "*"
+        }
+      ]
+    }
+