AWS Security ChangesHomeSearch

AWS firehose high security documentation change

Service: firehose · 2025-06-10 · Security-related high

File: firehose/latest/dev/controlling-access.md

Summary

Removed guidance on using sts:ExternalId to prevent confused deputy issues

Security assessment

The removal of documentation about mitigating the confused deputy problem could lead to insecure IAM role configurations, increasing the risk of unauthorized access.

Diff

diff --git a/firehose/latest/dev/controlling-access.md b/firehose/latest/dev/controlling-access.md
index 6f430efc8..5388ffa8b 100644
--- a//firehose/latest/dev/controlling-access.md
+++ b//firehose/latest/dev/controlling-access.md
@@ -133,2 +132,0 @@ Amazon Data Firehose uses an IAM role for all the permissions that the Firehose
-This policy uses the `sts:ExternalId` condition context key to ensure that only Amazon Data Firehose activity originating from your AWS account can assume this IAM role. For more information about preventing unauthorized use of IAM roles, see [The confused deputy problem](https://docs.aws.amazon.com/IAM/latest/UserGuide/confused-deputy.html) in the _IAM User Guide_.
-