AWS waf medium security documentation change
Summary
Removed 'acm:DescribeCertificate' and 'acm:RequestCertificate' permissions from policy example
Security assessment
The removal of unnecessary ACM permissions from an IAM policy example enforces least-privilege principles, reducing potential attack surface. This is a security-focused policy hardening change.
Diff
diff --git a/waf/latest/developerguide/security_iam_id-based-policy-examples.md b/waf/latest/developerguide/security_iam_id-based-policy-examples.md index eec5e3ab9..61fcb6eb1 100644 --- a//waf/latest/developerguide/security_iam_id-based-policy-examples.md +++ b//waf/latest/developerguide/security_iam_id-based-policy-examples.md @@ -160,2 +159,0 @@ The following policy lets users perform any AWS WAF operation, perform any opera - "acm:DescribeCertificate", - "acm:RequestCertificate",