AWS IAM medium security documentation change
Summary
Replaced wildcard IAM action with specific read/generate actions in policy example
Security assessment
Changing from iam:* to specific actions enforces least privilege access, addressing a security best practice. This prevents accidental over-permissioning in policy examples.
Diff
diff --git a/IAM/latest/UserGuide/reference_policies_condition-keys.md b/IAM/latest/UserGuide/reference_policies_condition-keys.md index a1ef36cc2..fd14e116c 100644 --- a//IAM/latest/UserGuide/reference_policies_condition-keys.md +++ b//IAM/latest/UserGuide/reference_policies_condition-keys.md @@ -288 +288,5 @@ This example shows how you might create an identity-based policy that allows use - "Action": "iam:*", + "Action": [ + "iam:Get*", + "iam:List*", + "iam:Generate*" + ],