AWS Security ChangesHomeSearch

AWS cdk documentation change

Service: cdk · 2025-05-16 · Documentation low

File: cdk/v1/guide/permissions.md

Summary

Updated API documentation links from CDK v1 to v2 references throughout the permissions guide

Security assessment

The changes only update version numbers in documentation URLs (v1 to v2) without altering security-related content. No specific security vulnerabilities or new security features are mentioned in the diff. This appears to be routine documentation maintenance for CDK version updates.

Diff

diff --git a/cdk/v1/guide/permissions.md b/cdk/v1/guide/permissions.md
index 21d76feb3..3da182f13 100644
--- a//cdk/v1/guide/permissions.md
+++ b//cdk/v1/guide/permissions.md
@@ -23 +23 @@ In the CDK's IAM library, classes that directly or indirectly identify principal
-  1. Traditional IAM resources such as `[Role](https://docs.aws.amazon.com/cdk/api/v1/docs/@aws-cdk_aws-iam.Role.html)`, `[User](https://docs.aws.amazon.com/cdk/api/v1/docs/@aws-cdk_aws-iam.User.html)`, and `[Group](https://docs.aws.amazon.com/cdk/api/v1/docs/@aws-cdk_aws-iam.Group.html)`
+  1. Traditional IAM resources such as `[Role](https://docs.aws.amazon.com/cdk/api/v2/docs/@aws-cdk_aws-iam.Role.html)`, `[User](https://docs.aws.amazon.com/cdk/api/v2/docs/@aws-cdk_aws-iam.User.html)`, and `[Group](https://docs.aws.amazon.com/cdk/api/v2/docs/@aws-cdk_aws-iam.Group.html)`
@@ -25 +25 @@ In the CDK's IAM library, classes that directly or indirectly identify principal
-  2. Service principals (`new iam.[ServicePrincipal](https://docs.aws.amazon.com/cdk/api/v1/docs/@aws-cdk_aws-iam.ServicePrincipal.html)('service.amazonaws.com')`)
+  2. Service principals (`new iam.[ServicePrincipal](https://docs.aws.amazon.com/cdk/api/v2/docs/@aws-cdk_aws-iam.ServicePrincipal.html)('service.amazonaws.com')`)
@@ -27 +27 @@ In the CDK's IAM library, classes that directly or indirectly identify principal
-  3. Federated principals (`new iam.[FederatedPrincipal](https://docs.aws.amazon.com/cdk/api/v1/docs/@aws-cdk_aws-iam.FederatedPrincipal.html)('cognito-identity.amazonaws.com')`)
+  3. Federated principals (`new iam.[FederatedPrincipal](https://docs.aws.amazon.com/cdk/api/v2/docs/@aws-cdk_aws-iam.FederatedPrincipal.html)('cognito-identity.amazonaws.com')`)
@@ -29 +29 @@ In the CDK's IAM library, classes that directly or indirectly identify principal
-  4. Account principals (`new iam.[AccountPrincipal](https://docs.aws.amazon.com/cdk/api/v1/docs/@aws-cdk_aws-iam.AccountPrincipal.html)('0123456789012'))`
+  4. Account principals (`new iam.[AccountPrincipal](https://docs.aws.amazon.com/cdk/api/v2/docs/@aws-cdk_aws-iam.AccountPrincipal.html)('0123456789012'))`
@@ -31 +31 @@ In the CDK's IAM library, classes that directly or indirectly identify principal
-  5. Canonical user principals (`new iam.[CanonicalUserPrincipal](https://docs.aws.amazon.com/cdk/api/v1/docs/@aws-cdk_aws-iam.CanonicalUserPrincipal.html)('79a59d[...]7ef2be')`)
+  5. Canonical user principals (`new iam.[CanonicalUserPrincipal](https://docs.aws.amazon.com/cdk/api/v2/docs/@aws-cdk_aws-iam.CanonicalUserPrincipal.html)('79a59d[...]7ef2be')`)
@@ -33 +33 @@ In the CDK's IAM library, classes that directly or indirectly identify principal
-  6. AWS organizations principals (`new iam.[OrganizationPrincipal](https://docs.aws.amazon.com/cdk/api/v1/docs/@aws-cdk_aws-iam.OrganizationPrincipal.html)('org-id')`)
+  6. AWS organizations principals (`new iam.[OrganizationPrincipal](https://docs.aws.amazon.com/cdk/api/v2/docs/@aws-cdk_aws-iam.OrganizationPrincipal.html)('org-id')`)
@@ -35 +35 @@ In the CDK's IAM library, classes that directly or indirectly identify principal
-  7. Arbitrary ARN principals (`new iam.[ArnPrincipal](https://docs.aws.amazon.com/cdk/api/v1/docs/@aws-cdk_aws-iam.ArnPrincipal.html)(res.arn)`)
+  7. Arbitrary ARN principals (`new iam.[ArnPrincipal](https://docs.aws.amazon.com/cdk/api/v2/docs/@aws-cdk_aws-iam.ArnPrincipal.html)(res.arn)`)
@@ -37 +37 @@ In the CDK's IAM library, classes that directly or indirectly identify principal
-  8. An `iam.[CompositePrincipal](https://docs.aws.amazon.com/cdk/api/v1/docs/@aws-cdk_aws-iam.CompositePrincipal.html)(principal1, principal2, ...)` to trust multiple principals
+  8. An `iam.[CompositePrincipal](https://docs.aws.amazon.com/cdk/api/v2/docs/@aws-cdk_aws-iam.CompositePrincipal.html)(principal1, principal2, ...)` to trust multiple principals
@@ -44 +44 @@ In the CDK's IAM library, classes that directly or indirectly identify principal
-Every construct that represents a resource that can be accessed, such as an Amazon S3 bucket or Amazon DynamoDB table, has methods that grant access to another entity. All such methods have names starting with **grant**. For example, Amazon S3 buckets have the methods `[grantRead](https://docs.aws.amazon.com/cdk/api/v1/docs/@aws-cdk_aws-s3.Bucket.html#grant-readidentity-objectskeypattern)` and `[grantReadWrite](https://docs.aws.amazon.com/cdk/api/v1/docs/@aws-cdk_aws-s3.Bucket.html#grant-read-writeidentity-objectskeypattern)` (Python: `grant_read`, `grant_read_write`) to enable read and read/write access, respectively, from an entity to the bucket without having to know exactly which Amazon S3 IAM permissions are required to perform these operations.
+Every construct that represents a resource that can be accessed, such as an Amazon S3 bucket or Amazon DynamoDB table, has methods that grant access to another entity. All such methods have names starting with **grant**. For example, Amazon S3 buckets have the methods `[grantRead](https://docs.aws.amazon.com/cdk/api/v2/docs/@aws-cdk_aws-s3.Bucket.html#grant-readidentity-objectskeypattern)` and `[grantReadWrite](https://docs.aws.amazon.com/cdk/api/v2/docs/@aws-cdk_aws-s3.Bucket.html#grant-read-writeidentity-objectskeypattern)` (Python: `grant_read`, `grant_read_write`) to enable read and read/write access, respectively, from an entity to the bucket without having to know exactly which Amazon S3 IAM permissions are required to perform these operations.
@@ -46 +46 @@ Every construct that represents a resource that can be accessed, such as an Amaz
-The first argument of a **grant** method is always of type [IGrantable](https://docs.aws.amazon.com/cdk/api/v1/docs/@aws-cdk_aws-iam.IGrantable.html). This interface represents entities that can be granted permissions—that is, resources with roles, such as the IAM objects `[Role](https://docs.aws.amazon.com/cdk/api/v1/docs/@aws-cdk_aws-iam.Role.html)`, `[User](https://docs.aws.amazon.com/cdk/api/v1/docs/@aws-cdk_aws-iam.User.html)`, and `[Group](https://docs.aws.amazon.com/cdk/api/v1/docs/@aws-cdk_aws-iam.Group.html)`.
+The first argument of a **grant** method is always of type [IGrantable](https://docs.aws.amazon.com/cdk/api/v2/docs/@aws-cdk_aws-iam.IGrantable.html). This interface represents entities that can be granted permissions—that is, resources with roles, such as the IAM objects `[Role](https://docs.aws.amazon.com/cdk/api/v2/docs/@aws-cdk_aws-iam.Role.html)`, `[User](https://docs.aws.amazon.com/cdk/api/v2/docs/@aws-cdk_aws-iam.User.html)`, and `[Group](https://docs.aws.amazon.com/cdk/api/v2/docs/@aws-cdk_aws-iam.Group.html)`.
@@ -50 +50 @@ Other entities can also be granted permissions. For example, later in this topic
-Resources that use execution roles, such as `[lambda.Function](https://docs.aws.amazon.com/cdk/api/v1/docs/@aws-cdk_aws-lambda.Function.html)`, also implement `IGrantable`, so you can grant them access directly instead of granting access to their role. For example, if `bucket` is an Amazon S3 bucket, and `function` is a Lambda function, the code below grants the function read access to the bucket.
+Resources that use execution roles, such as `[lambda.Function](https://docs.aws.amazon.com/cdk/api/v2/docs/@aws-cdk_aws-lambda.Function.html)`, also implement `IGrantable`, so you can grant them access directly instead of granting access to their role. For example, if `bucket` is an Amazon S3 bucket, and `function` is a Lambda function, the code below grants the function read access to the bucket.
@@ -128 +128 @@ C#
-The IAM package contains a `[Role](https://docs.aws.amazon.com/cdk/api/v1/docs/@aws-cdk_aws-iam.Role.html)` construct that represents IAM roles. The following code creates a new role, trusting the Amazon EC2 service.
+The IAM package contains a `[Role](https://docs.aws.amazon.com/cdk/api/v2/docs/@aws-cdk_aws-iam.Role.html)` construct that represents IAM roles. The following code creates a new role, trusting the Amazon EC2 service.
@@ -180 +180 @@ C#
-You can add permissions to a role by calling the role's `[addToPolicy](https://docs.aws.amazon.com/cdk/api/v1/docs/@aws-cdk_aws-iam.Role.html#add-to-policystatement)` method (Python: `add_to_policy`), passing in a `[PolicyStatement](https://docs.aws.amazon.com/cdk/api/v1/docs/@aws-cdk_aws-iam.PolicyStatement.html)` that defines the rule to be added. The statement is added to the role's default policy; if it has none, one is created. 
+You can add permissions to a role by calling the role's `[addToPolicy](https://docs.aws.amazon.com/cdk/api/v2/docs/@aws-cdk_aws-iam.Role.html#add-to-policystatement)` method (Python: `add_to_policy`), passing in a `[PolicyStatement](https://docs.aws.amazon.com/cdk/api/v2/docs/@aws-cdk_aws-iam.PolicyStatement.html)` that defines the rule to be added. The statement is added to the role's default policy; if it has none, one is created. 
@@ -251 +251 @@ C#
-In our example above, we've created a new `[PolicyStatement](https://docs.aws.amazon.com/cdk/api/v1/docs/@aws-cdk_aws-iam.PolicyStatement.html)` inline with the `[addToPolicy](https://docs.aws.amazon.com/cdk/api/v1/docs/@aws-cdk_aws-iam.Role.html#add-to-policystatement)` (Python: `add_to_policy`) call. You can also pass in an existing policy statement or one you've modified. The [PolicyStatement](https://docs.aws.amazon.com/cdk/api/v1/docs/@aws-cdk_aws-iam.PolicyStatement.html) object has [numerous methods](https://docs.aws.amazon.com/cdk/api/v1/docs/@aws-cdk_aws-iam.PolicyStatement.html#methods) for adding principals, resources, conditions, and actions. 
+In our example above, we've created a new `[PolicyStatement](https://docs.aws.amazon.com/cdk/api/v2/docs/@aws-cdk_aws-iam.PolicyStatement.html)` inline with the `[addToPolicy](https://docs.aws.amazon.com/cdk/api/v2/docs/@aws-cdk_aws-iam.Role.html#add-to-policystatement)` (Python: `add_to_policy`) call. You can also pass in an existing policy statement or one you've modified. The [PolicyStatement](https://docs.aws.amazon.com/cdk/api/v2/docs/@aws-cdk_aws-iam.PolicyStatement.html) object has [numerous methods](https://docs.aws.amazon.com/cdk/api/v2/docs/@aws-cdk_aws-iam.PolicyStatement.html#methods) for adding principals, resources, conditions, and actions. 
@@ -402 +402 @@ C#
-A few resources in AWS, such as Amazon S3 buckets and IAM roles, also have a resource policy. These constructs have an `addToResourcePolicy` method (Python: `add_to_resource_policy`), which takes a `[PolicyStatement](https://docs.aws.amazon.com/cdk/api/v1/docs/@aws-cdk_aws-iam.PolicyStatement.html)` as its argument. Every policy statement added to a resource policy must specify at least one principal.
+A few resources in AWS, such as Amazon S3 buckets and IAM roles, also have a resource policy. These constructs have an `addToResourcePolicy` method (Python: `add_to_resource_policy`), which takes a `[PolicyStatement](https://docs.aws.amazon.com/cdk/api/v2/docs/@aws-cdk_aws-iam.PolicyStatement.html)` as its argument. Every policy statement added to a resource policy must specify at least one principal.
@@ -404 +404 @@ A few resources in AWS, such as Amazon S3 buckets and IAM roles, also have a res
-In the following example, the [Amazon S3 bucket](https://docs.aws.amazon.com/cdk/api/v1/docs/@aws-cdk_aws-s3.Bucket.html) `bucket` grants a role with the `s3:SomeAction` permission to itself.
+In the following example, the [Amazon S3 bucket](https://docs.aws.amazon.com/cdk/api/v2/docs/@aws-cdk_aws-s3.Bucket.html) `bucket` grants a role with the `s3:SomeAction` permission to itself.