AWS AWSCloudFormation medium security documentation change
Summary
Modified example IAM policy to restrict action from wildcard (*) to specific kms:CreateKey permission
Security assessment
Demonstrates security best practice by enforcing least privilege access in policy examples
Diff
diff --git a/AWSCloudFormation/latest/UserGuide/fas-requests-and-permission-evaluation.md b/AWSCloudFormation/latest/UserGuide/fas-requests-and-permission-evaluation.md index cde92c4c6..4b88524c8 100644 --- a//AWSCloudFormation/latest/UserGuide/fas-requests-and-permission-evaluation.md +++ b//AWSCloudFormation/latest/UserGuide/fas-requests-and-permission-evaluation.md @@ -23 +23 @@ Consider the following IAM policy. `Statement2` will consistently prevent the cr - "*" + "kms:CreateKey"