AWS waf documentation change
Summary
Added AWS Amplify to IAM policy documentation for WAF integrated services
Security assessment
Updates IAM policy documentation to include Amplify, which is part of security feature documentation but doesn't address a specific vulnerability
Diff
diff --git a/waf/latest/developerguide/security-iam-awsmanpol.md b/waf/latest/developerguide/security-iam-awsmanpol.md index 54b376287..63985dd2b 100644 --- a/waf/latest/developerguide/security-iam-awsmanpol.md +++ b/waf/latest/developerguide/security-iam-awsmanpol.md @@ -21 +21 @@ For more information, see [AWS managed policies](https://docs.aws.amazon.com/IAM -This policy grants read-only permissions that allow users to access AWS WAF resources and resources for integrated services, such as Amazon CloudFront, Amazon API Gateway, Application Load Balancer, AWS AppSync, Amazon Cognito, AWS App Runner, and AWS Verified Access. You can attach this policy to your IAM identities. AWS WAF also attaches this policy to a service role that allows AWS WAF to perform actions on your behalf. +This policy grants read-only permissions that allow users to access AWS WAF resources and resources for integrated services, such as Amazon CloudFront, Amazon API Gateway, Application Load Balancer, AWS AppSync, Amazon Cognito, AWS App Runner, AWS Amplify, and AWS Verified Access. You can attach this policy to your IAM identities. AWS WAF also attaches this policy to a service role that allows AWS WAF to perform actions on your behalf. @@ -27 +27 @@ For details about this policy, see [AWSWAFReadOnlyAccess](https://console.aws.am -This policy grants full access to AWS WAF resources and resources for integrated services, such as Amazon CloudFront, Amazon API Gateway, Application Load Balancer, AWS AppSync, Amazon Cognito, AWS App Runner, and AWS Verified Access. You can attach this policy to your IAM identities. AWS WAF also attaches this policy to a service role that allows AWS WAF to perform actions on your behalf. +This policy grants full access to AWS WAF resources and resources for integrated services, such as Amazon CloudFront, Amazon API Gateway, Application Load Balancer, AWS AppSync, Amazon Cognito, AWS App Runner, AWS Amplify, and AWS Verified Access. You can attach this policy to your IAM identities. AWS WAF also attaches this policy to a service role that allows AWS WAF to perform actions on your behalf. @@ -33 +33 @@ For details about this policy, see [AWSWAFFullAccess](https://console.aws.amazon -This policy grants read-only permissions to the AWS WAF console, which includes resources for AWS WAF and for integrated services, such as Amazon CloudFront, Amazon API Gateway, Application Load Balancer, AWS AppSync, Amazon Cognito, AWS App Runner, and AWS Verified Access. You can attach this policy to your IAM identities. AWS WAF also attaches this policy to aiam/home#/policies/arn:aws:iam::aws:policy/AWSWAFConsoleFullAccess$serviceLevelSummary service role that allows AWS WAF to perform actions on your behalf. +This policy grants read-only permissions to the AWS WAF console, which includes resources for AWS WAF and for integrated services, such as Amazon CloudFront, Amazon API Gateway, Application Load Balancer, AWS AppSync, Amazon Cognito, AWS App Runner, AWS Amplify, and AWS Verified Access. You can attach this policy to your IAM identities. AWS WAF also attaches this policy to aiam/home#/policies/arn:aws:iam::aws:policy/AWSWAFConsoleFullAccess$serviceLevelSummary service role that allows AWS WAF to perform actions on your behalf. @@ -39 +39 @@ For details about this policy, see [AWSWAFConsoleReadOnlyAccess](https://console -This policy grants full access to the AWS WAF console, which includes resources for AWS WAF and for integrated services, such as Amazon CloudFront, Amazon API Gateway, Application Load Balancer, AWS AppSync, Amazon Cognito, AWS App Runner, and AWS Verified Access. You can attach this policy to your IAM identities. AWS WAF also attaches this policy to a service role that allows AWS WAF to perform actions on your behalf. +This policy grants full access to the AWS WAF console, which includes resources for AWS WAF and for integrated services, such as Amazon CloudFront, Amazon API Gateway, Application Load Balancer, AWS AppSync, Amazon Cognito, AWS App Runner, AWS Amplify, and AWS Verified Access. You can attach this policy to your IAM identities. AWS WAF also attaches this policy to a service role that allows AWS WAF to perform actions on your behalf.