AWS tnb documentation change
Summary
Added SSM (Systems Manager Parameter Store) actions and resource ARN to AWS TNB service role policy
Security assessment
The change expands IAM policy permissions to include SSM parameter operations, which are security-relevant as they govern access to sensitive configuration data. However, there is no evidence this addresses a specific security vulnerability.
Diff
diff --git a/tnb/latest/ug/security_iam_id-based-policy-examples.md b/tnb/latest/ug/security_iam_id-based-policy-examples.md index bdc57e8be..eb1f1ad34 100644 --- a//tnb/latest/ug/security_iam_id-based-policy-examples.md +++ b//tnb/latest/ug/security_iam_id-based-policy-examples.md @@ -246 +246,8 @@ The following code shows an AWS TNB service role policy: - "cloudformation:UpdateTerminationProtection" + "cloudformation:UpdateTerminationProtection", + "ssm:PutParameter", + "ssm:GetParameters", + "ssm:GetParameter", + "ssm:DeleteParameter", + "ssm:AddTagsToResource", + "ssm:ListTagsForResource", + "ssm:RemoveTagsFromResource" @@ -256 +263,2 @@ The following code shows an AWS TNB service role policy: - "arn:aws:cloudformation:*:*:stack/tnb*" + "arn:aws:cloudformation:*:*:stack/tnb*", + "arn:aws:ssm:*:*:parameter/tnb/*"