AWS drs documentation change
Summary
Replaced inline IAM policy JSON with reference link to AWS Managed Policy Guide
Security assessment
Change removes detailed policy documentation but maintains security context through reference. No evidence of addressing a specific security vulnerability.
Diff
diff --git a/drs/latest/userguide/security-iam-awsmanpol-AWSElasticDisasterRecoveryStagingAccountPolicy.md b/drs/latest/userguide/security-iam-awsmanpol-AWSElasticDisasterRecoveryStagingAccountPolicy.md index 0ae547d7d..bedfd3894 100644 --- a//drs/latest/userguide/security-iam-awsmanpol-AWSElasticDisasterRecoveryStagingAccountPolicy.md +++ b//drs/latest/userguide/security-iam-awsmanpol-AWSElasticDisasterRecoveryStagingAccountPolicy.md @@ -11,38 +11 @@ This policy allows read-only access to AWS Elastic Disaster Recovery (AWS DRS) r -This policy includes the following permissions. - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "DRSStagingAccountPolicy1", - "Effect": "Allow", - "Action": [ - "drs:DescribeSourceServers", - "drs:DescribeRecoverySnapshots", - "drs:CreateConvertedSnapshotForDrs", - "drs:GetReplicationConfiguration", - "drs:DescribeJobs", - "drs:DescribeJobLogItems" - ], - "Resource": "*" - }, - { - "Sid": "DRSStagingAccountPolicy2", - "Effect": "Allow", - "Action": [ - "ec2:ModifySnapshotAttribute" - ], - "Resource": "arn:aws:ec2:*:*:snapshot/*", - "Condition": { - "StringEquals": { - "ec2:Add/userId": "${aws:SourceIdentity}" - }, - "Null": { - "aws:ResourceTag/AWSElasticDisasterRecoveryManaged": "false" - } - } - } - ] - } - +To view the policy permission details see [AWSElasticDisasterRecoveryStagingAccountPolicy](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AWSElasticDisasterRecoveryStagingAccountPolicy.html) in the AWS Managed Policy Reference Guide.