AWS amazondynamodb medium security documentation change
Summary
Removed direct URL reference to IAM policy and kept policy name only
Security assessment
The change clarifies documentation about required permissions for replication service roles. Misconfiguration could lead to replication failures (REPLICATION_NOT_AUTHORIZED status), which impacts data consistency across regions - a security-adjacent availability concern. However, no specific vulnerability is addressed.
Diff
diff --git a/amazondynamodb/latest/developerguide/globaltables-security.md b/amazondynamodb/latest/developerguide/globaltables-security.md index 079e83f58..0471a8090 100644 --- a//amazondynamodb/latest/developerguide/globaltables-security.md +++ b//amazondynamodb/latest/developerguide/globaltables-security.md @@ -17 +17 @@ When you create a global table for the first time, Amazon DynamoDB automatically -When applying resource-based policies to replicas, ensure that you don't deny any of the permissions defined in the [`AWSServiceRoleForDynamoDBReplication`](https://console.aws.amazon.com/iam/home#/policies/arn:aws:iam::aws:policy/aws-service-role/DynamoDBReplicationServiceRolePolicy) policy to the SLR principal, as this will interrupt replication. If you deny required SLR permissions, replication to and from affected replicas will stop, and the replica table status will change to `REPLICATION_NOT_AUTHORIZED`. +When applying resource-based policies to replicas, ensure that you don't deny any of the permissions defined in the `AWSServiceRoleForDynamoDBReplication` policy to the SLR principal, as this will interrupt replication. If you deny required SLR permissions, replication to and from affected replicas will stop, and the replica table status will change to `REPLICATION_NOT_AUTHORIZED`.