AWS drs documentation change
Summary
Replaced inline IAM policy JSON with reference link to managed policy guide and fixed 'licence manager' typo
Security assessment
Change removes detailed policy documentation in favor of external reference, which is a documentation maintenance update rather than addressing a security vulnerability. The typo fix ('licence' to 'license') improves accuracy but doesn't indicate a security issue. No evidence of patching vulnerabilities or addressing exploits in the diff.
Diff
diff --git a/drs/latest/userguide/security-iam-awsmanpol-AWSElasticDisasterRecoveryConsoleFullAccess_v2.md b/drs/latest/userguide/security-iam-awsmanpol-AWSElasticDisasterRecoveryConsoleFullAccess_v2.md index 7c44908a4..f27b0c07f 100644 --- a//drs/latest/userguide/security-iam-awsmanpol-AWSElasticDisasterRecoveryConsoleFullAccess_v2.md +++ b//drs/latest/userguide/security-iam-awsmanpol-AWSElasticDisasterRecoveryConsoleFullAccess_v2.md @@ -21 +21 @@ This policy includes permissions to do the following: - * `licence manager` – List license configurations. + * `license manager` – List license configurations. @@ -40,684 +40 @@ This policy includes permissions to do the following: -This policy includes the following permissions. - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "ConsoleFullAccess1", - "Effect": "Allow", - "Action": [ - "drs:*" - ], - "Resource": "*" - }, - { - "Sid": "ConsoleFullAccess2", - "Effect": "Allow", - "Action": [ - "kms:ListAliases", - "kms:DescribeKey" - ], - "Resource": "*" - }, - { - "Sid": "ConsoleFullAccess3", - "Effect": "Allow", - "Action": [ - "ec2:DescribeAccountAttributes", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeImages", - "ec2:DescribeInstances", - "ec2:DescribeInstanceTypes", - "ec2:DescribeInstanceAttribute", - "ec2:DescribeInstanceStatus", - "ec2:DescribeInstanceTypeOfferings", - "ec2:DescribeLaunchTemplateVersions", - "ec2:DescribeLaunchTemplates", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSnapshots", - "ec2:DescribeSubnets", - "ec2:DescribeVolumes", - "ec2:GetEbsEncryptionByDefault", - "ec2:GetEbsDefaultKmsKeyId", - "ec2:DescribeKeyPairs", - "ec2:DescribeCapacityReservations", - "ec2:DescribeHosts", - "ec2:AssociateIamInstanceProfile", - "ec2:GetInstanceTypesFromInstanceRequirements" - ], - "Resource": "*" - }, - { - "Sid": "ConsoleFullAccess4", - "Effect": "Allow", - "Action": "license-manager:ListLicenseConfigurations", - "Resource": "*" - }, - { - "Sid": "ConsoleFullAccess5", - "Effect": "Allow", - "Action": "resource-groups:ListGroups", - "Resource": "*" - }, - { - "Sid": "ConsoleFullAccess6", - "Effect": "Allow", - "Action": "elasticloadbalancing:DescribeLoadBalancers", - "Resource": "*" - }, - { - "Sid": "ConsoleFullAccess7", - "Effect": "Allow", - "Action": [ - "iam:ListInstanceProfiles", - "iam:ListRoles" - ], - "Resource": "*" - }, - { - "Sid": "ConsoleFullAccess8", - "Effect": "Allow", - "Action": "iam:PassRole", - "Resource": [ - "arn:aws:iam::*:role/service-role/AWSElasticDisasterRecoveryConversionServerRole", - "arn:aws:iam::*:role/service-role/AWSElasticDisasterRecoveryRecoveryInstanceRole", - "arn:aws:iam::*:role/service-role/AWSElasticDisasterRecoveryRecoveryInstanceWithLaunchActionsRole" - ], - "Condition": { - "StringEquals": { - "iam:PassedToService": "ec2.amazonaws.com" - } - } - }, - { - "Sid": "ConsoleFullAccess9", - "Effect": "Allow", - "Action": [ - "ec2:DeleteSnapshot" - ], - "Resource": "arn:aws:ec2:*:*:snapshot/*", - "Condition": - { - "Null": - { - "aws:ResourceTag/AWSElasticDisasterRecoveryManaged": "false" - }, - "Bool": - { - "aws:ViaAWSService": "true" - } - } - }, - { - "Sid": "ConsoleFullAccess10", - "Effect": "Allow", - "Action": [ - "ec2:CreateLaunchTemplateVersion", - "ec2:ModifyLaunchTemplate", - "ec2:DeleteLaunchTemplateVersions", - "ec2:CreateTags", - "ec2:DeleteTags" - ], - "Resource": "arn:aws:ec2:*:*:launch-template/*", - "Condition": { - "Null": { - "aws:ResourceTag/AWSElasticDisasterRecoveryManaged": "false" - } - } - }, - { - "Sid": "ConsoleFullAccess11", - "Effect": "Allow", - "Action": [ - "ec2:CreateLaunchTemplate" - ], - "Resource": "arn:aws:ec2:*:*:launch-template/*", - "Condition": { - "Null": { - "aws:RequestTag/AWSElasticDisasterRecoveryManaged": "false" - } - } - }, - { - "Sid": "ConsoleFullAccess12", - "Effect": "Allow", - "Action": [ - "ec2:DeleteVolume" - ], - "Resource": "arn:aws:ec2:*:*:volume/*", - "Condition": { - "Null": { - "aws:ResourceTag/AWSElasticDisasterRecoveryManaged": "false" - }, - "Bool": { - "aws:ViaAWSService": "true" - } - } - }, - { - "Sid": "ConsoleFullAccess13", - "Effect": "Allow", - "Action": [ - "ec2:StartInstances", - "ec2:StopInstances", - "ec2:TerminateInstances", - "ec2:ModifyInstanceAttribute", - "ec2:GetConsoleOutput", - "ec2:GetConsoleScreenshot" - ], - "Resource": "arn:aws:ec2:*:*:instance/*", - "Condition": { - "Null": { - "aws:ResourceTag/AWSElasticDisasterRecoveryManaged": "false" - }, - "Bool": { - "aws:ViaAWSService": "true" - } - } - }, - { - "Sid": "ConsoleFullAccess14", - "Effect": "Allow", - "Action": [ - "ec2:RevokeSecurityGroupEgress", - "ec2:AuthorizeSecurityGroupIngress", - "ec2:AuthorizeSecurityGroupEgress" - ], - "Resource": "arn:aws:ec2:*:*:security-group/*", - "Condition": { - "Null": { - "aws:ResourceTag/AWSElasticDisasterRecoveryManaged": "false" - },