AWS dtconsole documentation change
Summary
Removed multiple IAM policy examples including repository-scoped permissions and CodePipeline/CodeBuild integrations
Security assessment
The removal of policy examples appears to be documentation cleanup rather than a direct response to security issues. No explicit evidence of security vulnerabilities is provided in the diff context for these removals.
Diff
diff --git a/dtconsole/latest/userguide/security_iam_id-based-policy-examples-connections.md b/dtconsole/latest/userguide/security_iam_id-based-policy-examples-connections.md index d306cada2..2df365308 100644 --- a/dtconsole/latest/userguide/security_iam_id-based-policy-examples-connections.md +++ b/dtconsole/latest/userguide/security_iam_id-based-policy-examples-connections.md @@ -5 +5 @@ -Example: A policy for creating AWS CodeConnections with the CLI and viewing with the consoleExample: A policy for creating AWS CodeConnections with the consoleExample: An administrator-level policy for managing AWS CodeConnectionsExample: A contributor-level policy for using AWS CodeConnectionsExample: A read-only-level policy for using AWS CodeConnectionsExample: A scoped-down policy for using AWS CodeConnections with a specified repositoryExample: A policy to use a connection with CodePipelineExample: Use a CodeBuild service role for Bitbucket read operations with AWS CodeConnectionsExample: Limit the CodeBuild service role from performing operations with AWS CodeConnectionsExample: Limit host VPC permissions using the VpcId context key +Example: A policy for creating AWS CodeConnections with the CLI and viewing with the consoleExample: A policy for creating AWS CodeConnections with the consoleExample: An administrator-level policy for managing AWS CodeConnectionsExample: A contributor-level policy for using AWS CodeConnectionsExample: A read-only-level policy for using AWS CodeConnectionsExample: Limit host VPC permissions using the VpcId context key @@ -169,68 +168,0 @@ In this example, you want to grant an IAM user in your account read-only access -## Example: A scoped-down policy for using AWS CodeConnections with a specified repository - -In the following example, the customer wants the CodeBuild service role to access the specified Bitbucket repository. The policy on the CodeBuild service role: - - - { - "Version": "2012-10-17", - "Statement": { - "Effect": "Allow", - "Action": [ - "codeconnections:UseConnection" - ], - "Resource": "arn:aws:codeconnections:us-west-2:connection:3dee99b9-172f-4ebe-a257-722365a39557", - "Condition": {"ForAllValues:StringEquals": {"codeconnections:FullRepositoryId": "myrepoowner/myreponame"}} - } - } - -## Example: A policy to use a connection with CodePipeline - -In the following example, an administrator wants users to use a connection with CodePipeline. The policy attached to the user: - - - { - "Version": "2012-10-17", - "Statement": { - "Effect": "Allow", - "Action": [ - "codeconnections:PassConnection" - ], - "Resource": "arn:aws:codeconnections:us-west-2:connection/aEXAMPLE-8aad-4d5d-8878-dfcab0bc441f", - "Condition": {"ForAllValues:StringEquals": {"codeconnections:PassedToService": "codepipeline.amazonaws.com"}} - } - } - -## Example: Use a CodeBuild service role for Bitbucket read operations with AWS CodeConnections - -In the following example, the customer wants the CodeBuild service role to perform read operations on Bitbucket regardless of the repository. The policy on the CodeBuild service role: - - - { - "Version": "2012-10-17", - "Statement": { - "Effect": "Allow", - "Action": [ - "codeconnections:UseConnection" - ], - "Resource": "arn:aws:codeconnections:us-west-2:connection/aEXAMPLE-8aad-4d5d-8878-dfcab0bc441f", - "Condition": {"ForAllValues:StringEquals": {"codeconnections:ProviderPermissionsRequired": "read_only"}} - } - } - -## Example: Limit the CodeBuild service role from performing operations with AWS CodeConnections - -In the following example, the customer wants to prevent the CodeBuild service role from performing an operation like `CreateRepository`. The policy on the CodeBuild service role: - - - { - "Version": "2012-10-17", - "Statement": { - "Effect": "Allow", - "Action": [ - "codeconnections:UseConnection" - ], - "Resource": "arn:aws:codeconnections:us-west-2:connection/aEXAMPLE-8aad-4d5d-8878-dfcab0bc441f", - "Condition": {"ForAllValues:StringNotEquals": {"codeconnections:ProviderAction": "CreateRepository"}} - } - } -