AWS Security ChangesHomeSearch

AWS AWSCloudFormation documentation change

Service: AWSCloudFormation · 2025-04-23 · Documentation low

File: AWSCloudFormation/latest/UserGuide/aws-resource-events-connection.md

Summary

Added IAM policy example showing resource-based permissions for EventBridge connections

Security assessment

Enhances security documentation by demonstrating proper IAM policy configuration for connections, but no evidence of addressing a specific security flaw.

Diff

diff --git a/AWSCloudFormation/latest/UserGuide/aws-resource-events-connection.md b/AWSCloudFormation/latest/UserGuide/aws-resource-events-connection.md
index 40671d37a..2405a0bfc 100644
--- a//AWSCloudFormation/latest/UserGuide/aws-resource-events-connection.md
+++ b//AWSCloudFormation/latest/UserGuide/aws-resource-events-connection.md
@@ -162 +162,18 @@ The ARN of the connection that was created by the request.
-Property description not available.
+Returns the Amazon Resource Name (ARN) of a connection in resource format, so it can be used in the `Resource` element of IAM permission policy statements. For more information, see [Resource types defined by Amazon EventBridge](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazoneventbridge.html#amazoneventbridge-resources-for-iam-policies) in the _Service Authorization Reference_.
+
+For example, the following resource defines an IAM policy that grants permission to update a specific connection.
+    
+    
+    Resources:
+      ExamplePolicy:
+        Type: AWS::IAM::Policy
+        Properties:
+          PolicyName: ExamplePolicy
+          PolicyDocument:
+            Version: '2012-10-17'
+            Statement:
+              - Effect: Allow
+                Action:
+                  - events:UpdateConnection
+                Resource:
+                  - !GetAtt myConnection.ArnForPolicy