AWS Security ChangesHomeSearch

AWS prescriptive-guidance documentation change

Service: prescriptive-guidance · 2025-04-11 · Documentation low

File: prescriptive-guidance/latest/least-privilege-cloudformation/limiting-and-requiring-stack-policies.md

Summary

Standardized JSON quotation marks in IAM policy examples

Security assessment

Maintains existing security documentation about stack policies but only fixes formatting without introducing new security content

Diff

diff --git a/prescriptive-guidance/latest/least-privilege-cloudformation/limiting-and-requiring-stack-policies.md b/prescriptive-guidance/latest/least-privilege-cloudformation/limiting-and-requiring-stack-policies.md
index b35761fc6..f1cfa851b 100644
--- a//prescriptive-guidance/latest/least-privilege-cloudformation/limiting-and-requiring-stack-policies.md
+++ b//prescriptive-guidance/latest/least-privilege-cloudformation/limiting-and-requiring-stack-policies.md
@@ -23,2 +23,2 @@ The following sample policy allows the IAM principal to attach stack policies th
-        “Version”: “2012-10-17”,
-        “Statement”: [
+        "Version": "2012-10-17",
+        "Statement": [
@@ -26,3 +26,3 @@ The following sample policy allows the IAM principal to attach stack policies th
-                “Effect”: “Allow”,
-                “Action”: [
-                    “cloudformation:SetStackPolicy”
+                "Effect": "Allow",
+                "Action": [
+                    "cloudformation:SetStackPolicy"
@@ -30,4 +30,4 @@ The following sample policy allows the IAM principal to attach stack policies th
-                “Resource”: “*”,
-                “Condition”: {
-                    “StringLike”: {
-                        “cloudformation:StackPolicyUrl”: “<Bucket URL>/<Team folder>/*”
+                "Resource": "*",
+                "Condition": {
+                    "StringLike": {
+                        "cloudformation:StackPolicyUrl": "<Bucket URL>/<Team folder>/*"
@@ -50,2 +50,2 @@ The following sample policy shows how you can configure an SCP that requires IAM
-      “Version”: “2012-10-17”,
-      “Statement”: [
+      "Version": "2012-10-17",
+      "Statement": [
@@ -53,4 +53,4 @@ The following sample policy shows how you can configure an SCP that requires IAM
-          “Effect”: “Deny”,
-          “Action”: [
-       “cloudformation:CreateStack”,
-       “cloudformation:UpdateStack”
+          "Effect": "Deny",
+          "Action": [
+       "cloudformation:CreateStack",
+       "cloudformation:UpdateStack"
@@ -58,4 +58,4 @@ The following sample policy shows how you can configure an SCP that requires IAM
-          “Resource”: “*”,
-          “Condition”: {
-            “Null”: {
-              “cloudformation:StackPolicyUrl”: “true”
+          "Resource": "*",
+          "Condition": {
+            "Null": {
+              "cloudformation:StackPolicyUrl": "true"