AWS drs documentation change
Summary
Replaced inline IAM policy JSON with reference link to AWS Managed Policy Guide
Security assessment
Similar to v1 policy change, removes policy details but maintains security context through linking. No indication of security vulnerability remediation.
Diff
diff --git a/drs/latest/userguide/security-iam-awsmanpol-AWSElasticDisasterRecoveryStagingAccountPolicy_v2.md b/drs/latest/userguide/security-iam-awsmanpol-AWSElasticDisasterRecoveryStagingAccountPolicy_v2.md index 2a5aa38d1..b5631d511 100644 --- a//drs/latest/userguide/security-iam-awsmanpol-AWSElasticDisasterRecoveryStagingAccountPolicy_v2.md +++ b//drs/latest/userguide/security-iam-awsmanpol-AWSElasticDisasterRecoveryStagingAccountPolicy_v2.md @@ -11,46 +11 @@ This policy is used by AWS Elastic Disaster Recovery (AWS DRS) to recover source -This policy includes the following permissions. - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "DRSStagingAccountPolicyv21", - "Effect": "Allow", - "Action": [ - "drs:DescribeSourceServers", - "drs:DescribeRecoverySnapshots", - "drs:CreateConvertedSnapshotForDrs", - "drs:GetReplicationConfiguration", - "drs:DescribeJobs", - "drs:DescribeJobLogItems" - ], - "Resource": "*" - }, - { - "Sid": "DRSStagingAccountPolicyv22", - "Effect": "Allow", - "Action": [ - "ec2:ModifySnapshotAttribute" - ], - "Resource": "arn:aws:ec2:*:*:snapshot/*", - "Condition": { - "StringEquals": { - "ec2:Add/userId": "${aws:SourceIdentity}" - }, - "Null": { - "aws:ResourceTag/AWSElasticDisasterRecoveryManaged": "false" - } - } - }, - { - "Sid": "DRSStagingAccountPolicyv23", - "Effect": "Allow", - "Action": "drs:IssueAgentCertificateForDrs", - "Resource": [ - "arn:aws:drs:*:*:source-server/*" - ] - } - ] - } - +To view the policy permission details see [AWSElasticDisasterRecoveryStagingAccountPolicy_v2](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AWSElasticDisasterRecoveryStagingAccountPolicy_v2.html) in the AWS Managed Policy Reference Guide.