AWS Security ChangesHomeSearch

AWS dtconsole documentation change

Service: dtconsole · 2025-03-30 · Documentation low

File: dtconsole/latest/userguide/security_iam_id-based-policy-examples-connections.md

Summary

Removed multiple IAM policy examples including repository-scoped permissions and CodePipeline/CodeBuild integrations

Security assessment

The removal of policy examples appears to be documentation cleanup rather than a direct response to security issues. No explicit evidence of security vulnerabilities is provided in the diff context for these removals.

Diff

diff --git a/dtconsole/latest/userguide/security_iam_id-based-policy-examples-connections.md b/dtconsole/latest/userguide/security_iam_id-based-policy-examples-connections.md
index d306cada2..2df365308 100644
--- a/dtconsole/latest/userguide/security_iam_id-based-policy-examples-connections.md
+++ b/dtconsole/latest/userguide/security_iam_id-based-policy-examples-connections.md
@@ -5 +5 @@
-Example: A policy for creating AWS CodeConnections with the CLI and viewing with the consoleExample: A policy for creating AWS CodeConnections with the consoleExample: An administrator-level policy for managing AWS CodeConnectionsExample: A contributor-level policy for using AWS CodeConnectionsExample: A read-only-level policy for using AWS CodeConnectionsExample: A scoped-down policy for using AWS CodeConnections with a specified repositoryExample: A policy to use a connection with CodePipelineExample: Use a CodeBuild service role for Bitbucket read operations with AWS CodeConnectionsExample: Limit the CodeBuild service role from performing operations with AWS CodeConnectionsExample: Limit host VPC permissions using the VpcId context key 
+Example: A policy for creating AWS CodeConnections with the CLI and viewing with the consoleExample: A policy for creating AWS CodeConnections with the consoleExample: An administrator-level policy for managing AWS CodeConnectionsExample: A contributor-level policy for using AWS CodeConnectionsExample: A read-only-level policy for using AWS CodeConnectionsExample: Limit host VPC permissions using the VpcId context key 
@@ -169,68 +168,0 @@ In this example, you want to grant an IAM user in your account read-only access
-## Example: A scoped-down policy for using AWS CodeConnections with a specified repository
-
-In the following example, the customer wants the CodeBuild service role to access the specified Bitbucket repository. The policy on the CodeBuild service role:
-    
-    
-    {
-        "Version": "2012-10-17",
-        "Statement": {
-            "Effect": "Allow",
-            "Action": [
-                "codeconnections:UseConnection"
-            ],
-            "Resource": "arn:aws:codeconnections:us-west-2:connection:3dee99b9-172f-4ebe-a257-722365a39557",
-            "Condition": {"ForAllValues:StringEquals": {"codeconnections:FullRepositoryId": "myrepoowner/myreponame"}}
-        }
-    }
-
-## Example: A policy to use a connection with CodePipeline
-
-In the following example, an administrator wants users to use a connection with CodePipeline. The policy attached to the user:
-    
-    
-    {
-        "Version": "2012-10-17",
-        "Statement": {
-            "Effect": "Allow",
-            "Action": [
-                "codeconnections:PassConnection"
-            ],
-            "Resource": "arn:aws:codeconnections:us-west-2:connection/aEXAMPLE-8aad-4d5d-8878-dfcab0bc441f",
-            "Condition": {"ForAllValues:StringEquals": {"codeconnections:PassedToService": "codepipeline.amazonaws.com"}}
-        }
-    }
-
-## Example: Use a CodeBuild service role for Bitbucket read operations with AWS CodeConnections
-
-In the following example, the customer wants the CodeBuild service role to perform read operations on Bitbucket regardless of the repository. The policy on the CodeBuild service role:
-    
-    
-    {
-        "Version": "2012-10-17",
-        "Statement": {
-            "Effect": "Allow",
-            "Action": [
-                "codeconnections:UseConnection"
-            ],
-            "Resource": "arn:aws:codeconnections:us-west-2:connection/aEXAMPLE-8aad-4d5d-8878-dfcab0bc441f",
-            "Condition": {"ForAllValues:StringEquals": {"codeconnections:ProviderPermissionsRequired": "read_only"}}
-        }
-    }
-
-## Example: Limit the CodeBuild service role from performing operations with AWS CodeConnections
-
-In the following example, the customer wants to prevent the CodeBuild service role from performing an operation like `CreateRepository`. The policy on the CodeBuild service role:
-    
-    
-    {
-        "Version": "2012-10-17",
-        "Statement": {
-            "Effect": "Allow",
-            "Action": [
-                "codeconnections:UseConnection"
-            ],
-            "Resource": "arn:aws:codeconnections:us-west-2:connection/aEXAMPLE-8aad-4d5d-8878-dfcab0bc441f",
-            "Condition": {"ForAllValues:StringNotEquals": {"codeconnections:ProviderAction": "CreateRepository"}}
-        }
-    }
-