AWS Security ChangesHomeSearch

AWS cognito documentation change

Service: cognito · 2025-04-16 · Documentation low

File: cognito/latest/developerguide/iam-roles.md

Summary

Updated section headers to use markdown subheading syntax (######) and added reference to Amazon S3 Access Grants in IAM roles documentation

Security assessment

Changes are structural/formatting improvements and adding a service reference without introducing or modifying security-related content

Diff

diff --git a/cognito/latest/developerguide/iam-roles.md b/cognito/latest/developerguide/iam-roles.md
index ff65802e1..08545dd5f 100644
--- a//cognito/latest/developerguide/iam-roles.md
+++ b//cognito/latest/developerguide/iam-roles.md
@@ -321 +321 @@ As a security best practice, policies should include only the permissions that u
-**Grant an identity read access to a single object in Amazon S3**
+###### Grant an identity read access to a single object in Amazon S3
@@ -339 +339 @@ The following access policy grants read permissions to an identity to retrieve a
-**Grant an identity both read and write access to identity specific paths in Amazon S3**
+###### Grant an identity both read and write access to identity specific paths in Amazon S3
@@ -366 +366,3 @@ With this policy, an identity such as `us-east-1:12345678-1234-1234-1234-1234567
-**Assign identities fine-grained access to Amazon DynamoDB**
+A similar access model is achieved with [Amazon S3 Access Grants](https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-grants.html).
+
+###### Assign identities fine-grained access to Amazon DynamoDB
@@ -397 +399 @@ The following access policy provides fine-grained access control to DynamoDB res
-**Grant an identity permission to invoke a Lambda function**
+###### Grant an identity permission to invoke a Lambda function
@@ -415 +417 @@ The following access policy grants an identity permission to invoke a Lambda fun
-**Grant an identity permission to publish records to Kinesis Data Streams**
+###### Grant an identity permission to publish records to Kinesis Data Streams
@@ -433 +435 @@ The following access policy allows an identity to use the `PutRecord` operation
-**Grant an identity access to their data in the Amazon Cognito Sync store**
+###### Grant an identity access to their data in the Amazon Cognito Sync store