AWS iot-sitewise medium security documentation change
Summary
Modified authorization configuration to use built-in database and file-based ACLs, updated documentation for rule management
Security assessment
The change enforces a structured authorization approach by separating built-in database and file-based ACLs, reducing risks of misconfiguration. The updated guidance to use the EMQX Dashboard instead of direct file edits limits unauthorized modifications to authorization rules.
Diff
diff --git a/iot-sitewise/latest/userguide/update-emqx-broker-authorization.md b/iot-sitewise/latest/userguide/update-emqx-broker-authorization.md index dd4cfe832..8e1075d8a 100644 --- a//iot-sitewise/latest/userguide/update-emqx-broker-authorization.md +++ b//iot-sitewise/latest/userguide/update-emqx-broker-authorization.md @@ -46,3 +46,5 @@ Linux - "enable": true, - "path": "/opt/emqx/data/authz/acl.conf", - "type": "file" + "type": "built_in_database" + }, + { + "type": "file", + "path": "data/authz/acl.conf" @@ -103 +105,3 @@ Windows - "enable": true, + "type": "built_in_database" + }, + { @@ -161 +165 @@ Windows -From this point onward, you can't edit the ACL file to update the authorization rules. Alternatively, you can proceed to [Add rules through the EMQX Dashboard or REST APIs](./add-rules-emqx-broker.html) after a successful deployment. +From this point onward, you can't edit the ACL file to update the authorization rules. Alternatively, you can proceed to [Add authorization rules through the EMQX Dashboard for users](./add-rules-emqx-broker.html) after a successful deployment. @@ -171 +175 @@ Configure authorization using Microsoft Windows -Add authorization rules +Add authorization rules for users