AWS msk high security documentation change
Summary
Simplified IAM policy resource ARNs to use wildcards instead of specific resources
Security assessment
Changed from specific resource ARNs to wildcard ('*') in IAM policy examples, which could lead to over-permissive access if implemented without proper scoping. This directly impacts security by increasing potential attack surface.
Diff
diff --git a/msk/latest/developerguide/mkc-iam-policy-examples.md b/msk/latest/developerguide/mkc-iam-policy-examples.md index 1b82491f2..77b328b97 100644 --- a//msk/latest/developerguide/mkc-iam-policy-examples.md +++ b//msk/latest/developerguide/mkc-iam-policy-examples.md @@ -34,5 +34 @@ To give a non-admin user full access to all MSK Connect functionality, attach a - "Resource": [ - "arn:aws:kafkaconnect:us-east-1:123456789012:connector/*", - "arn:aws:kafkaconnect:us-east-1:123456789012:custom-plugin/myCustomPlugin/", - "arn:aws:kafkaconnect:us-east-1:123456789012:worker-configuration/myWorkerConfig/" - ] + "Resource": "*" @@ -72 +68 @@ To give a non-admin user full access to all MSK Connect functionality, attach a - "Resource": "arn:aws:kafkaconnect:us-east-1:123456789012:cluster/myCluster/" + "Resource": "arn:aws:kafka:us-east-1:123456789012:cluster/myCluster/"