AWS Security ChangesHomeSearch

AWS systems-manager high security documentation change

Service: systems-manager · 2025-05-10 · Security-related high

File: systems-manager/latest/userguide/systems-manager-just-in-time-node-access-create-auto-approval-policies.md

Summary

Corrected tag validation syntax in auto-approval policy examples

Security assessment

Fixes policy syntax to properly validate tag existence and values, preventing potential unauthorized access through misconfigured policies. Directly impacts access control security.

Diff

diff --git a/systems-manager/latest/userguide/systems-manager-just-in-time-node-access-create-auto-approval-policies.md b/systems-manager/latest/userguide/systems-manager-just-in-time-node-access-create-auto-approval-policies.md
index c6695e0c5..dc6e452bd 100644
--- a//systems-manager/latest/userguide/systems-manager-just-in-time-node-access-create-auto-approval-policies.md
+++ b//systems-manager/latest/userguide/systems-manager-just-in-time-node-access-create-auto-approval-policies.md
@@ -36 +36 @@ The following is an example auto-approval policy.
-        principal has employeeNumber && principal.employeeNumber like "E-1*" && resource.hasTag("Purpose:Testing")
+        principal has employeeNumber && principal.employeeNumber like "E-1*" && resource.hasTag("Purpose") && resource.getTag("Purpose") == "Testing"