AWS systems-manager high security documentation change
Summary
Corrected tag validation syntax in auto-approval policy examples
Security assessment
Fixes policy syntax to properly validate tag existence and values, preventing potential unauthorized access through misconfigured policies. Directly impacts access control security.
Diff
diff --git a/systems-manager/latest/userguide/systems-manager-just-in-time-node-access-create-auto-approval-policies.md b/systems-manager/latest/userguide/systems-manager-just-in-time-node-access-create-auto-approval-policies.md index c6695e0c5..dc6e452bd 100644 --- a//systems-manager/latest/userguide/systems-manager-just-in-time-node-access-create-auto-approval-policies.md +++ b//systems-manager/latest/userguide/systems-manager-just-in-time-node-access-create-auto-approval-policies.md @@ -36 +36 @@ The following is an example auto-approval policy. - principal has employeeNumber && principal.employeeNumber like "E-1*" && resource.hasTag("Purpose:Testing") + principal has employeeNumber && principal.employeeNumber like "E-1*" && resource.hasTag("Purpose") && resource.getTag("Purpose") == "Testing"