AWS waf documentation change
Summary
Updated IAM policy examples with new CloudFront distribution tenant actions and ACM permissions
Security assessment
Adds documentation for new IAM permissions required to manage CloudFront tenant security configurations, enhancing security feature guidance without addressing a specific vulnerability.
Diff
diff --git a/waf/latest/developerguide/security_iam_id-based-policy-examples.md b/waf/latest/developerguide/security_iam_id-based-policy-examples.md index 1c217ab4b..eec5e3ab9 100644 --- a//waf/latest/developerguide/security_iam_id-based-policy-examples.md +++ b//waf/latest/developerguide/security_iam_id-based-policy-examples.md @@ -118,0 +119,3 @@ The following policy grants users read-only access to AWS WAF resources, to Amaz + "cloudfront:ListDistributionTenantsByCustomization", + "cloudfront:ListDistributionTenants", + "cloudfront:GetDistributionTenant", @@ -141,3 +143,0 @@ The following policy lets users perform any AWS WAF operation, perform any opera - "cloudfront:GetDistribution", - "cloudfront:GetDistributionConfig", - "cloudfront:UpdateDistribution", @@ -145,0 +146,9 @@ The following policy lets users perform any AWS WAF operation, perform any opera + "cloudfront:UpdateDistribution", + "cloudfront:GetDistributionConfig", + "cloudfront:GetDistribution", + "cloudfront:DisassociateDistributionTenantWebACL", + "cloudfront:DisassociateDistributionWebACL", + "cloudfront:AssociateDistributionTenantWebACL", + "cloudfront:AssociateDistributionWebACL", + "cloudfront:ListDistributionTenantsByCustomization", + "cloudfront:ListDistributionTenants", @@ -146,0 +156 @@ The following policy lets users perform any AWS WAF operation, perform any opera + "cloudfront:GetDistributionTenant", @@ -149,0 +160,2 @@ The following policy lets users perform any AWS WAF operation, perform any opera + "acm:DescribeCertificate", + "acm:RequestCertificate",