AWS datazone medium security documentation change
Summary
Removed user ARN from S3 encryption policy
Security assessment
Removed explicit user ARN from allowed principals in encryption policy, reducing potential attack surface by limiting access to service roles only
Diff
diff --git a/datazone/latest/userguide/hybrid-mode.md b/datazone/latest/userguide/hybrid-mode.md index 8d5d96377..7dae03c5e 100644 --- a//datazone/latest/userguide/hybrid-mode.md +++ b//datazone/latest/userguide/hybrid-mode.md @@ -92,2 +92 @@ If your Amazon S3 location is encrypted with a customer managed key, do the foll - "arn:aws:iam::111122223333:role/service-role/AmazonDataZoneDataLocationManage-<region>-<domain-id>", - "arn:aws:iam::111122223333:user/keyuser" + "arn:aws:iam::111122223333:role/service-role/AmazonDataZoneDataLocationManage-<region>-<domain-id>"