AWS Security ChangesHomeSearch

AWS waf medium security documentation change

Service: waf · 2025-05-25 · Security-related medium

File: waf/latest/developerguide/security_iam_id-based-policy-examples.md

Summary

Removed 'acm:DescribeCertificate' and 'acm:RequestCertificate' permissions from policy example

Security assessment

The removal of unnecessary ACM permissions from an IAM policy example enforces least-privilege principles, reducing potential attack surface. This is a security-focused policy hardening change.

Diff

diff --git a/waf/latest/developerguide/security_iam_id-based-policy-examples.md b/waf/latest/developerguide/security_iam_id-based-policy-examples.md
index eec5e3ab9..61fcb6eb1 100644
--- a//waf/latest/developerguide/security_iam_id-based-policy-examples.md
+++ b//waf/latest/developerguide/security_iam_id-based-policy-examples.md
@@ -160,2 +159,0 @@ The following policy lets users perform any AWS WAF operation, perform any opera
-                "acm:DescribeCertificate",
-                "acm:RequestCertificate",