AWS Security ChangesHomeSearch

AWS kendra medium security documentation change

Service: kendra · 2025-06-25 · Security-related medium

File: kendra/latest/dg/security_iam_id-based-policy-examples.md

Summary

Modified IAM policy examples and formatting: Changed 'kendra:Query' to ':Query', updated resource ARN format, added empty JSON sections

Security assessment

The change from 'kendra:Query' to ':Query' introduces an invalid IAM action format that could lead to policy misconfiguration. The ARN format change from 'arn:aws:kendra:...' to 'arn:aws::...' is incorrect and would break resource targeting. These changes demonstrate potential security risks through policy misconfiguration examples.

Diff

diff --git a/kendra/latest/dg/security_iam_id-based-policy-examples.md b/kendra/latest/dg/security_iam_id-based-policy-examples.md
index 21ecef103..3cac07022 100644
--- a//kendra/latest/dg/security_iam_id-based-policy-examples.md
+++ b//kendra/latest/dg/security_iam_id-based-policy-examples.md
@@ -109,0 +110,6 @@ In this example, you want to grant an user in your AWS account access to query a
+JSON
+    
+
+****
+    
+    
@@ -118 +124 @@ In this example, you want to grant an user in your AWS account access to query a
-                    "kendra:Query"
+                    ":Query"
@@ -120 +126 @@ In this example, you want to grant an user in your AWS account access to query a
-                "Resource": "arn:aws:kendra:${Region}:${Account}:index/${Index ID}"
+                "Resource": "arn:aws::${Region}:${Account}:index/${Index ID}"
@@ -132,0 +140,6 @@ This example policy grants a user or role in your AWS account permission to use
+JSON
+    
+
+****
+    
+    
@@ -155,0 +170,6 @@ This example policy grants a user or role in your AWS account permission to use
+JSON
+    
+
+****
+    
+    
@@ -183,0 +205,6 @@ This example policy restricts access for a user or role in your AWS account to u
+JSON
+    
+
+****
+    
+