AWS ARG documentation change
Summary
Changed IAM policy action from 'resource-groups:ListGroups' to 'resource-groups:GetGroup' in an example policy
Security assessment
The change modifies the allowed action in a policy example but does not address a specific security vulnerability or weakness. It appears to correct or refine permissions without explicit security context.
Diff
diff --git a/ARG/latest/userguide/security_iam_id-based-policy-examples.md b/ARG/latest/userguide/security_iam_id-based-policy-examples.md index 1bc47ca9c..ca3b5cd3f 100644 --- a//ARG/latest/userguide/security_iam_id-based-policy-examples.md +++ b//ARG/latest/userguide/security_iam_id-based-policy-examples.md @@ -123,6 +123 @@ You can use conditions in your identity-based policy to control access to Resour - "Action": "resource-groups:ListGroups", - "Resource": "arn:aws:resource-groups::region:account_ID:group/group_name" - }, - { - "Effect": "Allow", - "Action": "resource-groups:ListGroups", + "Action": "resource-groups:GetGroup",