AWS audit-manager documentation change
Summary
Removed 'Delegate permissions' section containing IAM policy details
Security assessment
Removes existing security documentation about delegate permissions without evidence of security issue
Diff
diff --git a/audit-manager/latest/userguide/delegation-for-audit-owners-delegating-a-control-set.md b/audit-manager/latest/userguide/delegation-for-audit-owners-delegating-a-control-set.md index 93bb7577d..dd757e03b 100644 --- a/audit-manager/latest/userguide/delegation-for-audit-owners-delegating-a-control-set.md +++ b/audit-manager/latest/userguide/delegation-for-audit-owners-delegating-a-control-set.md @@ -5 +5 @@ -Delegate permissionsPrerequisitesProcedureNext steps +PrerequisitesProcedureNext steps @@ -11,30 +10,0 @@ When you need assistance from a subject matter expert, you can choose the AWS ac -## Delegate permissions - -The below policy is attached to a delegate to whom the control set is delegated to. - -Audit Manager replaces the `placeholder text` with your account and resource identifiers before attaching the policy. - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Delegate", - "Effect": "Allow", - "Principal": { - "AWS": "Principal for user/role who is delegated a Control Set of the Assessment" - }, - "Action": [ - "auditmanager:UpdateAssessmentControl", - "auditmanager:UpdateAssessmentControlSetStatus", - "auditmanager:GetEvidenceFoldersByAssessmentControl", - "auditmanager:BatchImportEvidenceToAssessmentControl", - "auditmanager:GetEvidenceFolder", - "auditmanager:GetEvidence", - "auditmanager:GetEvidenceByEvidenceFolder" - ], - "Resource": "arn:aws:auditmanager:region:account_ID:assessment/assessment_ID/controlSet/control_set_ID" - } - ] - } -