AWS acm documentation change
Summary
Replaced inline IAM policy JSON with links to AWS managed policies
Security assessment
Documentation restructuring for maintainability without altering security policies or recommendations
Diff
diff --git a/acm/latest/userguide/security-iam-awsmanpol.md b/acm/latest/userguide/security-iam-awsmanpol.md index a21d5c778..a92d61da4 100644 --- a//acm/latest/userguide/security-iam-awsmanpol.md +++ b//acm/latest/userguide/security-iam-awsmanpol.md @@ -21,17 +20,0 @@ This policy provides read–only access to ACM certificates; it allows users to - - { - "Version":"2012-10-17", - "Statement":{ - "Effect":"Allow", - "Action":[ - "acm:DescribeCertificate", - "acm:ListCertificates", - "acm:GetCertificate", - "acm:ListTagsForCertificate", - "acm:GetAccountConfiguration" - ], - "Resource":"*" - } - } - - @@ -39,0 +23,2 @@ To view this AWS managed policy in the console, go to [https://console.aws.amazo +For a JSON listing of the policy details, see [AWSCertificateManagerReadOnly](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AWSCertificateManagerReadOnly.html). + @@ -44,34 +28,0 @@ This policy provides full access to all ACM actions and resources. - - { - "Version":"2012-10-17", - "Statement":[ - { - "Effect":"Allow", - "Action":[ - "acm:*" - ], - "Resource":"*" - }, - { - "Effect":"Allow", - "Action":"iam:CreateServiceLinkedRole", - "Resource":"arn:aws:iam::*:role/aws-service-role/acm.amazonaws.com/AWSServiceRoleForCertificateManager*", - "Condition":{ - "StringEquals":{ - "iam:AWSServiceName":"acm.amazonaws.com" - } - } - }, - { - "Effect":"Allow", - "Action":[ - "iam:DeleteServiceLinkedRole", - "iam:GetServiceLinkedRoleDeletionStatus", - "iam:GetRole" - ], - "Resource":"arn:aws:iam::*:role/aws-service-role/acm.amazonaws.com/AWSServiceRoleForCertificateManager*" - } - ] - } - - @@ -79,0 +31,2 @@ To view this AWS managed policy in the console, go to [https://console.aws.amazo +For a JSON listing of the policy details, see [AWSCertificateManagerFullAccess](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AWSCertificateManagerFullAccess.html). +