AWS Security ChangesHomeSearch

AWS msk high security documentation change

Service: msk · 2025-05-31 · Security-related high

File: msk/latest/developerguide/mkc-iam-policy-examples.md

Summary

Simplified IAM policy resource ARNs to use wildcards instead of specific resources

Security assessment

Changed from specific resource ARNs to wildcard ('*') in IAM policy examples, which could lead to over-permissive access if implemented without proper scoping. This directly impacts security by increasing potential attack surface.

Diff

diff --git a/msk/latest/developerguide/mkc-iam-policy-examples.md b/msk/latest/developerguide/mkc-iam-policy-examples.md
index 1b82491f2..77b328b97 100644
--- a//msk/latest/developerguide/mkc-iam-policy-examples.md
+++ b//msk/latest/developerguide/mkc-iam-policy-examples.md
@@ -34,5 +34 @@ To give a non-admin user full access to all MSK Connect functionality, attach a
-          "Resource": [
-            "arn:aws:kafkaconnect:us-east-1:123456789012:connector/*",
-            "arn:aws:kafkaconnect:us-east-1:123456789012:custom-plugin/myCustomPlugin/",
-            "arn:aws:kafkaconnect:us-east-1:123456789012:worker-configuration/myWorkerConfig/"
-          ]
+          "Resource": "*"
@@ -72 +68 @@ To give a non-admin user full access to all MSK Connect functionality, attach a
-          "Resource": "arn:aws:kafkaconnect:us-east-1:123456789012:cluster/myCluster/"
+          "Resource": "arn:aws:kafka:us-east-1:123456789012:cluster/myCluster/"