AWS kendra medium security documentation change
Summary
Modified IAM policy examples and formatting: Changed 'kendra:Query' to ':Query', updated resource ARN format, added empty JSON sections
Security assessment
The change from 'kendra:Query' to ':Query' introduces an invalid IAM action format that could lead to policy misconfiguration. The ARN format change from 'arn:aws:kendra:...' to 'arn:aws::...' is incorrect and would break resource targeting. These changes demonstrate potential security risks through policy misconfiguration examples.
Diff
diff --git a/kendra/latest/dg/security_iam_id-based-policy-examples.md b/kendra/latest/dg/security_iam_id-based-policy-examples.md index 21ecef103..3cac07022 100644 --- a//kendra/latest/dg/security_iam_id-based-policy-examples.md +++ b//kendra/latest/dg/security_iam_id-based-policy-examples.md @@ -109,0 +110,6 @@ In this example, you want to grant an user in your AWS account access to query a +JSON + + +**** + + @@ -118 +124 @@ In this example, you want to grant an user in your AWS account access to query a - "kendra:Query" + ":Query" @@ -120 +126 @@ In this example, you want to grant an user in your AWS account access to query a - "Resource": "arn:aws:kendra:${Region}:${Account}:index/${Index ID}" + "Resource": "arn:aws::${Region}:${Account}:index/${Index ID}" @@ -132,0 +140,6 @@ This example policy grants a user or role in your AWS account permission to use +JSON + + +**** + + @@ -155,0 +170,6 @@ This example policy grants a user or role in your AWS account permission to use +JSON + + +**** + + @@ -183,0 +205,6 @@ This example policy restricts access for a user or role in your AWS account to u +JSON + + +**** + +