AWS AWSCloudFormation documentation change
Summary
Added IAM policy example showing resource-based permissions for EventBridge connections
Security assessment
Enhances security documentation by demonstrating proper IAM policy configuration for connections, but no evidence of addressing a specific security flaw.
Diff
diff --git a/AWSCloudFormation/latest/UserGuide/aws-resource-events-connection.md b/AWSCloudFormation/latest/UserGuide/aws-resource-events-connection.md index 40671d37a..2405a0bfc 100644 --- a//AWSCloudFormation/latest/UserGuide/aws-resource-events-connection.md +++ b//AWSCloudFormation/latest/UserGuide/aws-resource-events-connection.md @@ -162 +162,18 @@ The ARN of the connection that was created by the request. -Property description not available. +Returns the Amazon Resource Name (ARN) of a connection in resource format, so it can be used in the `Resource` element of IAM permission policy statements. For more information, see [Resource types defined by Amazon EventBridge](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazoneventbridge.html#amazoneventbridge-resources-for-iam-policies) in the _Service Authorization Reference_. + +For example, the following resource defines an IAM policy that grants permission to update a specific connection. + + + Resources: + ExamplePolicy: + Type: AWS::IAM::Policy + Properties: + PolicyName: ExamplePolicy + PolicyDocument: + Version: '2012-10-17' + Statement: + - Effect: Allow + Action: + - events:UpdateConnection + Resource: + - !GetAtt myConnection.ArnForPolicy